From: Sent: To: Subject: Attachments

:

Tuesday, February 27, 2007 11:35 AM FW: Procedures tor setting U|3^ Content Scan (UNCLASSIFIED) SE RICO.xls; Watchfire WebXM SCAN Manual.doc

3E RICO.xls (58 KB Watchfire WebXM SCAN Manual.do...

Classification: Caveats: NONE

UNCLASSIFIED

-Original Message Sent: Thursday, February

)]ect: Procedures tor setting up a Content Scan (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE

Attached is a spreadsheet and word document

The doc is a step-by-step procedure on setting up a Content Scan.

The spreadsheet is divided into 4 sections with YOUR appropriate name on the top of 20 URLS .

The step-by-step document is in draft form. be change of addressed.

Please make note of any thing that needs to

Notice that the RCIO is SE, so create the job in the SE RCIO.

Once you have completed and the jobs have finished. violations were found for each job.

Let me now have many potential

If someone has a few violations and someone has a substantial amount, we can assign jobs accordingly

Thanks

SFC paschal Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

Ami\.\
}
•t
, •

.«*

;*

2

US AG School SE APBI2002 SE CHL SE CIRP SE CPOCSCR SE EBS SE cesas SE 184th IMAD SE JTS SE NGATS SE PMTMDE SE RFI SE SPORT Website SE LA-TLAC SE USASAM SE USASSI SE USAWOCC SE VTC SE AMRDEC AEROMECH SE aeromech SE AFMS SE AMCOM SE AMSS SE ANAD SE ARMYOCS SE USAR 108th Division SE WAATS SE Benning SE BACH SE Campbell SE DDEAMC SE FSCADENTAC SE EDMS PMO Home Page SE RFAAP IRP Web Site SE SE FNG SE FORSCOM SE
JE

US AG School APBI 2002 CHL CIRP CPOCSCR EBS cesas 184th IMAD JTS NGATS PM TMDE RFI SPORT Website LA-TLAC USASAM USASSI USAWOCC VTC AMRDEC AEROMECH aeromech AFMS AMCOM AMSS ANAD ARMYOCS USAR 108th Division WAATS Benning BACH Campbell DDEAMC FSCA DENTAC EDMS PMO Home Page RFAAP IRP Web Site FNG FORSCOM DOIM Jackson KNOX MACH

SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE "SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE SE

Jackson SE KNOX SE MACH SE

McPherson SE MEARS SE MACH SE MVD SE MVK SE USACE New Orleans SE OMEMS SE AMCOM SE RRS SE USAAMC SE USACE Charleston SE CESAS SE CESAW SE RSC SE SMDC SE SGT Beacham US Army SF CMD SE DIVARTY SE Little Rock District SE TUAV SE USAALS SE USACHCS SE USAR SE WAMC SE WACH SE LAISO SERucker SE Refill Web Server SE Fort Benning SE IADS SE JTIDS SE PUBS SE VFSO SE Cargo SE PEOAVN SE Acquisition Center Website SE AC Web SE Buchanan SE 3dMEDCOM SE

McPherson MEARS MACH MVD MVK USACE New Orleans OMEMS AMCOM RRS USAAMC USACE Charleston CESAS CESAW RSC SMDC US Army SF CMD DIVARTY Little Rock District TUAV USAALS USACHCS USAR WAMC WACH LAISO Rucker Refill Web Server Fort Benning IADS JTIDS PUBS VFSO Cargo PEOAVN Acquisition Center Website AC Web Buchanan 3d MEDCOM

http://agsssi-www.army.mil http://apbi.redstone.army.mil/ http://chl.wes.army.mil/ http://cirp.wes.army.mil/cirp/cirp.html http://cpolrhp.army.mil/scr http://ebs.lrl.usace.army.mil http://en.sas.usace.army.mil http://imad.redstone.army.mil http://jtshelp.redstone.army.mil http://ngats.redstone.army.mil http://pmtmde.redstone.army.mil http://sasnotesweb.sas.usace.army.mil http://sport.redstone.army.mil http://tricare15.amedd. army.mil http://usasam.amedd.army.mil http://usassi-www.army.mil http://usawocc.army.mil/ http://vtcenter.redstone.army.mil http://www.aeromech.redstone.army.mil http://www.aeromech.redstone.army.mil http://www.afms 1 .belvoir.army.mil http://www.amcom.redstone.army.mil http://www.amss.redstone.army.mil http://www.anad.army.mil/ http://www.armyocs.org http://www.armyreserve.army.mil http://www.az.ngb.army.mil/waats/default.asp http://www.benning.army.mil http://www.campbell.amedd.army.mil http://www.campbell.army.mil http://www.ddeamc.amedd.army.mil http://www.dencom.army.mil/serdc/ftstewart/ http://www.edms.redstone.army.mil http://www.envnet.org/rfaapirp/ http://www.finance.army.mil http://www.floridaguard.net http://www.forscom.army.mil http://www.gordon.army.mil http://www.jackson.army.mil http://www.knox.army.mil http://www.martin.amedd.army.mil

http://www.mcpherson.army.mil/ http://www.mears.redstone.army.mil http://www.moncrief.amedd.army.mil http://www.mvd.usace.army.mil http://www.mvk.usace.army.mil http://www.mvn.usace.army.mil http://www.omems.redstone.army.mil http://www.redstone.army.mil http://www.rrs.army.mil http://www.rucker.amedd.army.mil http://www.sac.usace.army.mil http://www.sas.usace.army.mil http://www.saw.usace.army.mil http://www.se.usar.army.mil/ http://www.smdc.army.mil http://www.soc.mil http://www.stewart.army.mil http://www.swl.usace.army.mil http://www.tuav.redstone.army.mil/ http://www.usaals.army.mil HTTPV/WWW.USACHCS.ARMY.MIL http://www.USARC.army.mil/ http://www.wamc.amedd.army.mil http://www.winn.amedd.army.mil http://wwwlaiso.redstone.army.mil/ http://www-rucker.army.mil https://arwshkuz50.stewart.amedd.army.mil https://benning-emh12.army.mil https://iads.redstone.army.mil https://jtids.sed.redstone.army.mil https://pubsweb.redstone.army.mil https://vfso.rucker.amedd.army.mil https://www.chinook.redstone.army.mil https://www.peoavn.redstone.army.mil https://wwwproc.redstone.army.mil https://wwwproc.redstone.army.mil/acquisition www.buchanan.army.mil www.usarc.army.mil/3medcom

Soldier Support Institute Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U.S. Army Engineer Research and Development Center CPOCSCR, Information Services Division Find and put in the correct Full name of unit or website Savannah District Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Product Manager Test, Measurement, and Diagnostic Equipment Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U.S. Army Soldier Support Institute Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Anniston Army Depot 3-11th Infantry Bn (OCS), Ft Benning 108th Division (IT) Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Information Technology Business Center Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Radford Army Ammunition Plant US Army Finance School Florida Army National Guard Office Of The Chief Public Affairs Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Fort Knox DOIM Find and put in the correct Full name of unit or website

US Army Garrison Public Affairs Office . MEARS Automation Moncrief Army Community Hospital Mississippi Valley Division Vicksburg District US Army Corps of Engineers, New Orleans District OMEMS Army Aviation & Missile CommandCorporate Information Center Recruiting and Retention School Find and put in the correct Full name of unit or website US Army Corps of Engineers, Charleston District Savannah District Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U.S. Army Special Operations Command Fort Stewart Little Rock District AMCOM, Redstone Arsenal, AL Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website U. S. Army Reserve Command (USARC) Womack Army Medical Center Winn Army Community Hospital Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website USA MEDDAC Fort Stewart GA Find and put in the correct Full name of unit or website U.S. Army Aviation and Missile Command Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website PEO Aviation Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website Find and put in the correct Full name of unit or website 56th Signal Battalion Find and put in the correct Full name of unit or website

Watchfire WebXM "Setting up Content Scans >5 1. Log into Watchfire WebXM web site: https://netcom02/webxm/ 2. Once log into Watchfire you will see the following screen. Next, go to "Navigate" in the upper right corner and select "Webspace Center"
S I WetlMrc W t b X * -ncTOdDft Interact Exiorer •:•!s« ••>> Ft-atrt [™
fj.,i

I'lftHRnnhri;

'UJst*i

©•*.?•©•-@ftl ^ i p w , . ^ ^ * . e|'.>-v & > • * £i
Cui^le ||Q*." _ T3*
1

^

'

-

-

'

-

f'"SS fi * I ^ * X * W * i ' f ' ^ ! ^ '

L

I'^'ChKll * -\£Lj(Mi* *•; ^ J J W J I , QtiSBidta*
1 W n b i p a t * Cflninr I A JrnmifT s'ififi i"."*ntar 1 J"<rEor>aFtii

atJCHnRCT AVURAC Dashboard
•SiUHMltJi •• ' l ^ . T • , • • 1 Campklanea F4vantn • "^eSfllliaianPB,-*I"VAJUI^JWRSnpVPP M'- 'lit

HNHS
C l t « N PAGES Ot BEC10N

Export Si

tTH^sro^T

f t E J W P n S E S B Y ISSUE C l a j f l P44ts tor All NigiOHi ICE CflnM-MlMCE TAP FDA [>fc TAILS


ioq

Currnnt Brgmn All Rcg-Di'i

y
10D% —

Subregiom NW RCIO 100* -

UE-B^Q
CLEAN PAGE9 OVER T I M E Currant Trend: Currant Ucuar Show trend f » n Cl«.*n p*ig#ij lor 71 Rug ion-,' *1 AWKAC Dashboard IAWHAC D*fhk«Jid

100% -

^Lftiia
100% -

-3 «..„„b

5L££I£
L0D% January Rlnns 1 0% —

p
Pggr

«

so
*M-..:]

g

1JU

Good

J
Ffltaudm

]

. • : ^n^r T r7^rw*^-*

i

3. At this point, you will go to the Webspace that you are assigned and click on that space (eg. NE RCIO, NW RCIO...)

tfm

6 *

9 "

Pl-MK

lools

ijee

Mmas£$g!z^zz s:-r.J>* a

Q«* -'O- flli '& .p 5 "* ^•'M*".<?l d>
WatCHnRe'
DAHQVASCHALLM CParsonjIizel Taikt Create... V*rt«uf bUat ta b* ccinnad Global Update...

^

I *

Kfllp | -*t>QUt l i O Q j r j t

Webspace Center
Yau i r i hatn W| Wjeihfli* * Whbap

V i m : Sfrqri J S l a n d a r d i L-na

c s

Periodic m a i i m a n t i of Army iltai.

3

Pacific
Parladlc a i t a i t m a i i M of Army *lcac

C j Socci-il R«aucs; Scan Raquaftad Scant.

•sraxneEES

%J&b FrooarTnj
[ & Raoort Properties I I 0 Jabi, ORapai P f M i m » | Dalata | Qfj

B«MUHLI C M B M « J I 1 9 t J o b i , 197 R«»ort P i t l u Pm&trttai | Otl«t« | Q»«w

DiHUn.1 C u t M t f l lOJobl, 10 RaportPacki Prc-mttt«i | Palati | O P —

[ M t t i b i I Jab, 0 RapaiT P*ckj ProBtnlfi | D«ltta | Q u i

U | Mv Watchfira

* Q j i

Euroop Partodlc i

BJNWSCIO
manu of Army * k a i . Parladlc u n i t m a i m af Army l l t a l

'S^...,.™..,, . , _ , „ , .
I M * URL I C i t t H b i 39 J obi, 38 Raport Pack. Praoairiai | Delete | Open

C& SW RCIO
Partodlc a n a l •manu of Army * l t *

»> Mr Watehfirc C l « « g
L g Wabsflace Confer [ffi idgtlOteE*Jfea Canter C w t n t i i 3 Jobl. 3 Raport P*< Pra turrit l | Oakrt | Q»cn
•» • URLI BMURLI

C » t M b i 98 Jobf, 92 Raport Ptcki Propertlii | 0<lata | Qgen

E a a t M b i 9 Job I , 9 Raport Packi P r o m n l n | Dilata | Q t f J

tl-^J January Bloas * of Army Wab Lags,

C«*t»nt»i 3 Jebi, 1 Rapart P a d Prootrtm | Dalata | Q»—,

31!
g] NqM:jVnettt^/i»*lltjiaetM«t*.*lSp?mid-»

"i. : H!

pE?;^^

Now let's start setting up some jobs! 4. Notice the left side of the screen; under Task, you will click on "Content Scan Jobs"

©-* - &'. © i i

ST

^fl'-& i*b# &
KID

3_a.&'.
Qsittfr^
i : I :. j •••:.:•-.

111*!

; wateHuTte* NE ROO
DAHQVASCHALLH * * — " * < • " > ffitiH-i"! r , | ^ | f > I *

| LQQ Out

Jabi ' .
T n h i

fig RnourtP*cki ,. ,, ~. : i . .
W A T C S - S NE Jan 07 TRADOC Chief of Staff- Safety Offlc

View £££rt I 3toi*rf*ird | LajU

mi bf: N i m e | „i?r pgn I' Nftt flujy

Create...
0 3 C o n t e n t Scan Job & I n f r a structura Scan Job

] Q 3 l P Q 4 t : h O M C O < G S ) N E Jan 0 7 1004th Quartermesttr Company (GS) official wee | site

life Report Pack HatfJfltaqji :=j.V .
B j M Y WatchfifB r> M T Watchfira Classic E g W e b s p a c e Center [ S AdrriiniitDtiqn C e n t e r

- . ••-_"

i l URL) htr.pi//www.uiare.army.mll/l0 • " • " * • *>«T*-ff M m>.7*J*r.»rmy.mll/i ... B ul t URL i htr.pi//' L u t r u m Mon 1 / 2 2 / 2 0 0 7 1 2 : 0 0 AM Sijrttp:i'A*w*.usarc army.(T»JMODHWVP 7 ' 3 i 0 2 AM Statistics, N « K ttn »nii N e t schaduled * K n i i Nat ^ " ^ N u t ~ » Nat , ^ 4 f ^ U e a r t n M t M t M i Collect Links UNitaHtptfwi Collector.* P r — r B e i | Delete | Sim | '|L»4 0 3 1 0 t h LSO NE Jan 0 7 10th L«q*l Support Organic

B * M U H L I httf<i//www.ftmeeda.army.mil/ L a a t r w i T h u 2 / 1 / 2 0 0 7 9i 18 AM Statistics Newt rani Not schaduled Uearha*ntp»*e*l Cq[l^c;l4p(ji P r — r * j w | Delete, j Rim I C&rrtir.u* | Lag ] G a r r i t o n I n t r a n a t NE Jan 0 7 Fort Datrick Oarrlion Intranet

B A M U R L I httpi//ww*.rmda.beIv L M t r a a i Sat 1 / 2 0 / 2 0 0 7 1 2 : 0 6 ^ N r n t m i Not scheduled I.. U * « r k > ( x i t p * f M i CQllectLlnkti'

BatitdiM I Dii±£i I Ean \ <:,«,.•
JHOTC WEBNFJanGT

1 ATDC-M NE Jan 07
TRAOOC Deputy Commanding Gai

ROTC MIL WEB SITE

B e o * U M . : h t t p : / / w v w u i * r c »rmymil/IO .. L * * t r w i Frl 1/2672007 9 i l 2 AM S u t H r k i NeMtntmNot icheduled U*«r meat pa«e*i Collact Links

• M A U K L I httpi//www tradoc army mll/u . L i t l i w i Frl 1 / 2 6 / 2 0 0 7 9 i 2 8 AM Statistics N n t n a i Not scheduled U t e r l » a « j t | ) * t * * i Collect Links

PIT—tti— | Q*|tt« | Rjin | 'A'niir.im ) L*S
• QlUHhMTNOCW-PlESMEab 10th M T N O I V - NE

ptTP^r^n I fijliii I &m I c-JHTii-i.j*. | i.e.)
3 A T O C - N NE Jan 07 TRADOC Oaputy Commanding General fer ARN0

I t M U R L i httpji//aanif»n.(tatrtcl( arm _. L M t r w F r l 1 / 2 6 / 2 0 0 7 L O 1 I 6 A M S^OiiJc^ N w t r w i Not ichadultd I h t r b p a t i H * * ! CollactLlnki P f f f r t i W I Ealaci I Silfl I C'.<r,':im<4 I Lua 1 CCSS^Armir ME Jafl *7 OUbal Combat Support Systems - Army

B I H UftLi http://www.rotc monr L M t n m i F r l 1 / 1 9 / 2 0 0 7 9t43 P!-, N e u t r a l ; Not scheduled UecrMfHtfcpaejefi Calltct Links . I I Delete. | Ew I - " J

Resource Services - Washington:

• « • • URL I httpi/Zwww.drum.army mil/ L M t r a a i S i t 1 / 2 0 / 2 0 0 7 1 2 i 0 6 AM S n t n t K f NaMtnMi Net scheduled U M r h i p . t > • « • • • Collect Units Prwwrti** ] O t U w | Sim I «;.jiun.'n | L^g ail73TTBHME]anr}7 1173rd Transportation Terminal Battalion

I « M U M . I httpt//w*w,tred»c. irmy.mil/a .. L a a t r w i Sat 1 / 2 7 / 2 0 0 7 I 2 i 0 2 AM Statistics N m t i w i Not tchadulad Use* tafMt » a « « i Collect U n k i I Delete | £jifl | Conttnui | L'jj

B I M U»Ui httpi//vww.ac**-army.lee arm ... L a e t n a t T u * 1 / 2 3 / 2 0 0 7 12i04 PM S t n ( ^ i : < N w t r w i Not scheduled I h M r i M M t I H M I C,olU^Urtlt> P t a t t r t t w I Deleta | Run | Cnra1nui> | Lot] 1HQDA1MET.JJEJMD7 Headquarter*, Department of the Army [NET

LMtnaitiThu 1 / 2 3 / 2 0 0 7 *|2™J H e - t r - , Not scheduled

''

1 ATEC NE Jan 0?
Army Test and Eval lation Command

STAMOARO ARMV T R A I N I N G : V l

^j

.

i r r i isr i»j taai «™i

5. Under the Job Name: You should put in a job using ACRONYMS (For example: USAGE ILL SE JAN 07 6. Under the description box you should put in the full text Web site Army command name. (For example: United States Army Corp of Engineers Illinois). 7. Next you will click on the "Create the Job and Continue". This may take a minute.

<awatchrire WebXM - Microsoft Internet Explorer File F,d* View ;) Favorites • [x] Tools Help Search £ > Favor*.. . £ > | • .'•'; - ,'£^, JS) . '"'] *} ^

p^S0§S^^S8STOSS'S^!#SS!;'*!' T-

J9i*l

Q l « k

[Si

;V; | P

Addmi | £0 hctps://netcom02/web)aTi/cs)obopts-aeat9.asp?w^-,watfancd-webspace.a5p?mld-

~3 flg° 1 1
'S | Autof r ' [ • Send t o . -

cocSic|:c^'"

j j & j J . Q

- I £ 3 ? ! ~ ? » j " ^ Check »

• i Aumunl.-r

G settings- ' & '
i—

— - t _ _

watscHfrne
General Properties

liHBiie^^i'^'.igiai

Create a New Content Scan Job
You are here: My W a t c h fire > W e b s p a c e Center > 5E RCIQ > C r e a t e a N e w C o n t e n t S c a n J o b

General Properties
Identify this j o b When y o u click 'Create the Job and Continue', the j o b will be created and y o u will be able to edit its properties* | Identification Job name: JUSACE ILL NE JAN 07 Description (optional): United States Army Corp o f Engineers Illonis

"3

Contact name and information (optional): |DAHQ\PASCHALLM

^Cancel 141 ;.'•. •Wstart] (Sf M [ j j

S l C r e a t e the Job and Continue 1
VJl AWRAC SCANS . | a ] WatcUre WebXM SCAN .., [ & status; Connected I IMC,.. 11 g j W Verifier WebXM - M .

.

' [ § j V j local htrarat |0JJ^,'3l 10:19 AM

8. Now you should be at this screen, type or cut and paste a URL into the "New starting URL: text box" and "click" on the ADD button. This may take a minute.

<3walcM>K WebXM - Mltmwlt tntpmet ftwlorer [Ic [rit 9M Fwrtn looti bsfc

^g^pe^gBsgsp^?-'


flcjdrmj

^^tp<:^r^onira/v^^tTTCtJC1rtl-Ky>i^,^?Iob^-2QZ7g*ancal^Mbg«B%^fltf%^

- a & ts1p** &*-•» e ©- & $ - u * ft

J j j £ | Go [.Links

General Properties • W h a t to Scan Scan Options General Options Servers and Domains Exclusions C u s t o m Error Pages Interactive Components SessiQP IDs F o r m Transients A u t o m a t i c F o r m Fill Connection Settings I N e t w o r k Connection Advanced Login

m

You are here:

Mv Watchfira > Webspace Center > SE RCIO > USACE ILL ME 3AN 07 Test - Properties

What to Scan
Indicate the URLs where the scan o f the site should start, as well as any scan limits t h a t are needed, Starting URLs New starting URL; | h t t p : / / w w w . USACE-III.army.mil/ Existing Starting URLs: S t a r t i n g URL _ _ ^ _ _ : ( N o URLs specified.)

Status

J

_

R e p o r t D a t a C o l l e c t i o n _L Report Types Metatao for Grouping F o r m s to Exclude Application Technologies J
I

Sri —•

Remove Selected Items
Scan Limits

^•m
3Back ] NejSijQ
0 ~ | v J Local Intianet

^ J _ _ ( L . S c a n all c o n t e n t j n alLi.n.ternaLdomaJos.. Finjshll

aaCanceJ

m

QAWRAC SCANS

| JjjWatchfmWebXMSCA»l,.,| & status: Contacted IIMC,., || j j j WatcMVe WebXM - M_

(5) Mcrosoft Exctl-SERIC...

[ © £ « . &

10:23 AM"

9. Now you should see something like this. Now "click" on the

a Watchhrc WtbxM - n i r a i o l t Internet Explorer
Sto Ec* Sew Fjvortes Ion* ^lc

• •

-

L

.

-U

© s a c k . © r @ g • ; , | p * . * ^n™*« £>]v;*-J&.^i-- Q *fc Jet
address | . j j htict:<)iwionJ^»^<^^pDttiti^jc»ifiM.aarpb«i-;D;7»ej^»t-»i»lMc<c»%JI^^

"3 t K |-t"«
Q >T'>^ ' Tl!j

fioogfcjlgl*

3

G o

f £3 " i r * ? ? ? t ' " - 4 ? ' * " * * " \ StitnLr* - '• ^Qftutfort| ^ Santa;

watCH^te" USACE ILL NE JAN 07 Test - Properties
±1 You are here: Session IDs F o r m Transients A u t o m a t i c F o r m Fill Connection Settings N e t w o r k Connection J New starting URL: My Watchfire > Webspace Center > SE RCIO > USACE ILL ME JAN D7 Test - Properties

ir^fe'-TTllffiTH!

ar
Existing Starting URLs: S t a r t i n g URL ;http://www.usace-ill army mil/ Status
•••?'

-rAcM

Advanced Login
Report Data Report Types

: Collection

(Re-test)

g

i d

Metatao. for Groupinc F o r m s to Exclude

Application
Technologies Critical Pages Settings Data Maintenance Reports Dashboard Settings Job Status Alerts Schedule Agent Server Log Settings P * r Scan all c o n t e n t in all internal domains Scan only up t o the following limit Amount Limit

Remove Selected Ite'nvi
:

I

I
C) AWRAC S A 5 CM

f^i

3
ffflBack | Nextjg Finish?
~ Up. F~' F T : RTv I S T j * J Local Intranet [5] Mcrosoft Excel-SER1C:

In starting domains, only scanjinks in and be[qw ^ e j f r e c t q r y o f each starting URL.

^|avasCT^:d^_cc«fflK»iiJ_SubniitFwrT<m«rwVcs)cfcc^s*ep()n^.a^

jfr'Starf| [5) BH [J]

| a]WatcW»WebXMSG>N,,.| Q status: Connected I IMC... [| g | Watchlitc WobXM - M _

•'.''. f Q ^ ' O ; ^ 10:33A

10. Next, notice on the left side under General Properties the Reports property; "click" on it. 11. Now you will see this page. 12. Now "click" on the "Create and Package All" button. This may take a while.

3 w « chfiie WchKM MlcromH internet E w l n n So £d» £lew Favorites look 8eb

•JSJ. t*T- Q *> ' f t

©Sack . ij§. ! . [V] j_g ^ ' p S - d . S^F««« *3kf.-jgV §
Gaciylc, (,V'
_J'o»M3 * i S ^ I "& Check »

Addreii |jg httpj r//neti^xTifl2/^wn/c fldx^*^«OT*.aSB7Klbid-ZDZ7Wflr*fii*^spaci. Mp^rtid-«UVnish-wefcifMC9. HP^*MWOatyTl«>viutotlnll "^j AutoFill L«»SendtO'r

~33 S. *

Lwa

wafcHfoer USACE ILL NE JAN 07 Test - Properties
components Session IDs Form Transients A u t o m a t i c Form Fill Connection Settings ± i You are here: Mv Watchfire > websoace Center > SE RCIO > USACE ILL NE JAN 07 Test - Properties

aggf^winiBiES

»"i
',

Reports
The reports t h a t have been created for this j o b are s h o w n below.

mtWQrtConnwtMi
Advanced Login R e p o r t D a t a Collection Report Tvnes Metataa for Grouping F o r m s to Exclude Application Technologies Critical Pages Settings Data Maintenance Reports Dashboard Settings Jab Status Alerts Schedule A g e n t Server Loo Settings

I

Reports for

this Job

No reports have been created for this j o b . To create a n e w report, click 'Create New'. Create N e w ... To automatically create all o f the reports for this j o b a n d package t h e m in a r e p o r t pack n a m e d after this j o b , click 'Create and Package All'. Create a n d Package All ?|

SaQanss!

m


'J?l AWRACSCANS 4D WatcWra WebXM SCAN ... | Q status; Connected | IMC... [ g ] Watchfire WebXM - M-. [ j j Mcrosoft Excel - SE R1C...

Heads I tkiiiU fimsbj
, f g | |»J Local Intranet

J'startl [si as L3

O S ' S - & 10:38AM

13. Now you will be at this page; now look back over on the left side and "click" on the Dashboard settings.

ilW'SUhfire WeWM - Mfcmoft Internet bairn Bta 6il Bw Famxtss load ado

Q*
Cottle XT

ell.--:
_*]&, J, £ l * I: ^ ? = , | ^-"ch«k

W J

:>*
jAutc-r-ill [^5endto-»

iHil

* * r « i ] . ( j j httsi:tlrtth^arezittttanlcijoboou-'aimtj. •io/io<xJ-JttI7i>i3ncBl-»«>[Mt »%iEMIi1v3fwjuniXMDUJwh-tBtBpscslirEsBnUfwadlUDWKyijs.

na*

Q Settings^ i * t

^ W ^ l
i-omnoniyirs Session IDs F o r m Transients A u t o m a t i c F o r m Fill Connection Settings Network Connection Advanced Login Report Data Collection Report Types M e t s t a a for Grouping Forms to Exclude Application Technologies Critical Paoes Settings Data Maintenance Reports Dashboard Settings tob Status fllwrr^

USACE ILL NE JAN 07 Test - Properties
± 1 You are hers: Mv Watchfire > websoace Center > SE RCIO > USACE ILL NE 3AM 07 Test - Properties Reports The reports that have been created for this j o b are s h o w n below. R e p o r t s for this Job Module: |AJI ( 3 7 ) 3 Type Applications Authentication Points Control I n v e n t o r y Cookie C o n t e n t s Cookies C u s t o m Compliance Standard C u s t o m Compliance Standard C u s t o m Compliance Standard C u s t o m Compliance Standard C u s t o m Compliance Standard C u s t o m Compliance Standard i: Properties Properties Properties Properties Properties Properties Properties Properties Properties Properties Properties :Delete'3efect^d.Items Oaaci | N<L<t<£3 F i n i s h j

Report Name j @ Applications I H Authentication Points > @ Control Inventory ;@ Cookie Contents j@ Cookies !@ C u s t o m Compliance S t a n d a r d : Adhoc jlH C u s t o m Compliance Standard: Classification :@ C u s t o m Compliance S t a n d a r d : Criticallnfrastructure • B C u s t o m Compliance Standard: ForceProtect \@ C u s t o m Compliance Standard: Operations I S C u s t o m Compliance S t a n d a r d : Personnel

q
r r rr;
G:

Agent §ssmt
Lo^Settjr>gs__ % i Cancel

r

Create New.,

lal-: ," t
J'start I g> at t l

' r r n i . .[^KSL^^T
CjawmcsUfS | 'S) WalcWH wiiww K W „ | Q ttjtw^CaiWttodllW:... ||g]Wjt[hr»cWtbXM-M- [jJMm>Kin:£<e»l-SEMC„, I

• 3 9 O. 5 I M M 0 O

14. Now you will see this screen; now check the box "Make this job available to dashboards" 15. Now "click" on the finish button located at the lower right hand corner of the page.

' 3 WaUMkc WebXM - Mlttosolt Inbtmtr Explorer Eh E* ttw Fjvorlw look tjdp

o

Add""

j^tTttp^^wtcflirtiywobiiri/Joiiopc$-<Jas*isBttng,5,a*i?iob»d-ZP;7fi<yT«J-wrtsiM«-«p7»reio:-4«>lT*5h-»abspa«.«p>w5hi-40&Eyoe-

w

~ »
J ^ t Q

;

f^

e uF^"ir

:

DTaT

~3 £|a> jirts
iQsmkw» <g

* I *'?*—'

| ^ O w * »• ftiftMlS* - S'AOtirt [^SonJtD-

WatJCHflR^I USACE ILL NE JAN 07 Test - Properties
General ProperHes W h a t to Scan Scan Options General Options Servers and Domains

lailJ.WMIIffTCT!

a

± j You are here:

Mv Watchfire > Websoace Center > SE RC1Q > USACE ILL NE JAN 07 Test - Properties

Dashboard Settings

P miiuuiu*mimj]Ai.uiufciui
Dashboard Participation This j o b does n o t participate in any dashboards.

Exclusions
C u s t o m Error Pages Interactive Components Session IDs F o r m Transients A u t o m a b c F o r m Fill Connection Settings N e t w o r k Connection Advanced Login R e p o r t D a t a Collection

Report Types
Meraraq for Grouping F o r m s t o Exclude Application Technologies f $ Cancel

it.

m—~^~
rf'««t| {j} M j J


._J*WBAC5CAN5

:

ESfiack I t J g x t H

Finishg 10:41 *

—————.

,

—-—

;

~

[j5"|VjLfl£dttrina( \<3$'Q%

| ig]WattHr;WabltM5CaW.„| fl tutia: Cmwttud I IMC... j| g j W^ihBre WrtXM- W- tgfrfcraMFI E»rd-StRiC... I

16. Now you should be back at this screen. Now find the job your created and "Run" the job. ** The job may not start right away. Be patient... your job will run when the server has available resources. We have three servers with each sever having the ability to run 4 jobs at a time.

Importance: Attachments:

High AWRAC Concern Discovery Incentive Program 1.0.doc

AWRAC Concern Discovery Incent... Classification: Caveats: NONE UNCLASSIFIED

Sent; Monday, October 30, 2006 9:18 AM

Classification: UNCLASSIFIED Caveats: NONE Please review attached. Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

From: Sent: To: Subject: Signed By: Classification: Caveats: NONE

Monday, February 26J_2QQ7.4:j1 PM ly Web Risk Assessment Cell (AWRAC) (UNCLASSIFIED)"FOIA" (UNCLASSIFIED)

UNCLASSIFIED

-Original Message ruesaay, August (

Subject: FW: Army Web Risk Assessment Classification: UNCLASSIFIED Caveats: NONE FY I

AWRAC) (UNCLASSIFIED)

)eputy Director Army Office of Information Assurance and Compliance

Sent: Tuesday, August 01, 2006 8:40 AM

Subject: RE: Army Web Risk Assessment Cell (AWRAC) (UNCLAS

ED)

Classification: UNCLASSIFIED Caveats: NONE Sir, We had a discussion with the AWRAC team yesterday and are looking into how we will identify those Websites that are .mil's that are not resident behind our reverse proxy server. Additionally we are also going to screen for sites that are contractor operated on the .com domain that contain sensitive Army information that should be on the .mil domain. We will work with the AGNOSC and appropriate commands to get them in compliance.
l

V/R

CI0/G6 NETC ESTA, OIA&C "Our^Armyai^war^ - - Relevant and Ready"

Sent: Sunday, July 23, 2Q06 12:30 PM

Subject: RE: Army Web Risk Assessment Cell (AWRAC) (UNC.

Classification: Caveats: FOUO

UNCLASSIFIED

How can we use this team to also compile a list of severs that may be out there to locate on the APCs. Maybe and additional tasking. Please look into it. ****«"Do what's right,....and risk the consequences!"******

************************************************************************** Digitally signed with a DoD certificate. To download the DoD Root and Medium assurance certificate authorities visit https://dod411.chamb.disa.mil <https://dod411.chamb.disa.mil/>

Sent:

Friday, July 21, 2006 7:11 PM

Subject: Classification: Caveats: NONE

Army Web Risk Assessment Cell (AWRAC) (UNCLASSIFIED) UNCLASSIFIED

Classification: Caveats: *N0TICE: Classification: UNCLASSIFIED Caveats: NONE Sir,

L a t e s t i n f o r m a t i o n of m o b i l i z a t i o n of Army Guard p e r s o n n e l t o support our
2

Web and BLOG OPSEC operations. 10 personnel have been mobilized to support our expanded mission per the CSA. UNCLASSIFIED//FOR OFFICIAL USE ONLY EXECUTIVE SUMMARY 21 July 2006

(U) MOBILIZATION OF ARMY WEB RISK ASSESSMENT CELL TEAM (NETC-EST-I) (U//FOUO)The Army Web Risk Assessment Cell (AWRAC) successfully mobilized 10 members of the Virginia National Guard Data' Processing Unit on 10-21 July 2006 for one year. The team will support AWRAC's mission to monitor official and unofficial web sites for OPSEC violations IAW the CSA's 20 AUG 2005 message. The team processed through Fort Belvoir, and is assigned to NETCOM, with duty at the unit's headquarters at Manassas Armory. Team members have received 90 percent of their initial required training, and will receive additional outside training during the next month. The group has received NETCOM computers, badges and e-mail accounts, and has been task organized under NETCOM EST-A. The armory was provided with two phone lines with DSN capabilities in support of the mission, and the unit voluntarily added a T-1 line. The team has been assigned a range of tasks which will increase web monitoring, refine tracking procedures and streamline notification processes.

PREPARE MEMO MAJ Pam Newbern/NETC-EST-I/703-602-7482 APPROVED BY UNCLASSIFIED//FOR OFFICIAL USE ONLY

COL, GS Director, Office of Information Assurance & Compliance IA & C Directorate, Taylor Bldg

"Our Army at War -- Relevant and

Classification: Caveats: NONE

UNCLASSIFIED

Classification: Caveats: Classification: Caveats: NONE Classification: Caveats: FOUO UNCLASSIFIED UNCLASSIFIED

Classification: UNCLASSIFIED 3

Caveats: NONE Classification: Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED UNCLASSIFIED

4

From: Sent: To: Cc: Subject: Signed By:

Monday, November 13, 2006 11:17 AM

: Army Web Risk Assessment Cell (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE
k We

can be called at

Sent: Thursday, November 09, 2J306 3:36 P * I Subject: Army Web Risk Assessment Cell Importance: High

Sir;

I am working on a Corps Blog engagement plan on behalf of the Corps PAO and I was provided the article that appeared in Military.com. Would it be possible to call you and ask you some questions on your unit? I understand that some of the information on your methods is sensitive but I would appreciate any help you can provide.

v. r.

XVIII Airborne Corps Media Relations

Classification: UNCLASSIFIED Caveats: NONE

From: Sent: To: Cc: Subject: Signed By:

Wednesday, NovemberJ31, 2006 10:04 AM

FW: blogging guidence (UNCLASSIFIED)

C l a s s i f i c a t i o n : UNCLASSIFIED C a v e a t s : NONE P l e a s e r e s e a r c h and respond t h r u me.

S e n t : Wednesday, November 01, 2006 7:05 A M S u b j e c t : b l o g g i n g gu

Sir-

iand I am currently deployed as a security manager atf :enc"iy found your name in the article that ran in the Stars" anc Stripes on 2 9 October about web blogging. I currently have an issue with a soldier who is posting a blog while stationed here. I feel there is too much information being posted (including pictures) but have had a hard time finding any concrete regulations as to what can and cannot be put in a blog. I will attach a link to the blog I'm referring to at the bottom of this message if you'd like to take a look at it. Any guidance you could give would be of great assistance. Thank you for your time.

v/r

2LT, MI CFLCC STB S-2

Classification: UNCLASSIFIED Caveats: NONE

1

From:

Sent: To: Cc: Subject:
Signed By:

Monday, August 07, 2006 5:2 RE: Bfog site question (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

At first blush the site seems a little racist and does not serve the Army well. I will get a more official answer to justify not opening up the site. The soon to be released FM 25-2 does not look like it covers blogs. The next release after this one is already being worked, we may have input to address blogs there.

Sent: Monday, August 07, 200£ Subject: FW-. Blog siteques^orT

Sent: Monday, August 07, Subject: Blog si

I have a request to lift a block on a .com site which is a blog site.^B fas request I pass the site to you for review—is this type of site your team will be looking for? The site is not accessible from GuardNet and I do not plan on lifting the block. Please let us know your thoughts

http://j agman-tfphoenix.blogspot.com/

1

Thank you

NGB-AIS-CO Chief, Network Operations and Security Center

Classification: UNCLASSIFIED Caveats: NONE

2

From: Sent: To: .Subject: Signed By:
Classification: Caveats: NONE UNCLASSIFIED

G SITES (UNCLASSIFIED)

•Original Message Sent: Tuesday, August 29, 2006 10:14 AM

Classification: Caveats: NONE

UNCLASSIFIED

Good Morning, my name J - S ^ M ! worked for AWARC monitoring Army affiliated individual Blog sites. I'm finding a lot of IED damage photos online. I can tell the individual is in the Army by the photo of himself. However, he does not give enough information to locate him through the AKO directory. Can we officially notify him via his blog's contact link? Please give guidance on this issue.

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell (703) 602-6300 (DSN 332) [703) 602-3751 (FAX)

Classification: Caveats: NONE Classification: Caveats: NONE

UNCLASSIFIED UNCLASSIFIED

1

To: Subject: Signed By: Classification: Caveats: NONE UNCLASSIFIED

(UNCLASSIFIED)

--Original Message Sent: Tuesday^AugusT2S^^0Q6 10:54 AM

Subject: Re: INDIVIDUAL BLOG SITES (UNCLASSIFIED) Yes. No problem. Sent from my BlackBerry Wireless Handheld

Original Message

Sent: Tue Aug 29 07:13:49 2006 Subject: INDIVIDUAL BLOG SITES (UNCLASSIFIED) Classification: Caveats: NONE UNCLASSIFIED

Good Morning, my name is J|BI worked for AWARC monitoring Army affiliated individual Blog sites. I'm finding a lot of IED damage photos online. I can tell the individual is in the Army by the photo of himself. However, he does not give enough information to locate him through the AKO directory. Can we officially notify him via his blog's contact link? Please give guidance on this issue.

LMIT Professional Services Information Assurance Directorate NETC-EST-A ill

i

Classification: Caveats: NONE Classification: Caveats: NONE

UNCLASSIFIED UNCLASSIFIED

2

Sent: To: Subject: Signed By: Classification: Caveats: NONE

Tuesday. February 27. 2007 7:37 AM f W : HICKS LETTER (UNCLASSIFIED) Jus.army.mil UNCLASSIFIED

•Original MessageSent: Wednesday, August 30, 2006^11:51 AM

Sub^c^^RE™3
Caveats: NONE Good To Go!

pETTEE^WNcBBflFIED)

Classification: UNCLASSIFIED

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

Sent: Wednesday, August 30, 2006 11:16 AM

Classification: Caveats: NONE

UNCLASSIFIED

Here is a new copy of the letter, send it later today. Thanks,

Please seek approval for it and I will

l

<<...>>

Sent: Wednesday, August 30, 2006 10:40 AM

Jb')
Classification: Caveats: NONE UNCLASSIFIED

<< File: Mr. Hicks.doc >>

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

Classification: Caveats: NONE

UNCLASSIFIED

Classification: Caveats: NONE

UNCLASSIFIED

Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

2

Sent: To: SubjectSigned By:

Tuesday, October 17, 2006 3:46 PM

Blogger

Might want to add

"In one case we found a blog where a soldier posted photos of an Army weapons system that was damaged by enemy attack."

Sent: Tuesday, October 17, 2006 3:32 PM Subject: RE; Associated Press Query (UNCLASSIFIED)

In one incidence, we found a military web site that contained a document listing addresses, room numbers and points of contact of safes that contained classified information. In a second incidence, we found a Bolger who was discussing his duties as a guard, providing pictures of his guard post and discussing the vulnerabilities of his post to include how to exploit them. In a third case we had a soldier that gave so much personal data he endangered his family.

gent: Tuesday, October 17, 2006 2:44 PM Subject: RE: A s s o c i a t e ^ r e ^ Q u e r y (UNCLASSIFIED)

l

Subject: RE: Associated Press Query (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

The reporter would like to have the information by tomorrow or Thursday at the latest. Below are his specific questions. If it is best to answer in person, we will coordinate a phone interview, but the questions stay the same. Who is in the best position to answer these questions, and can it be done electronically?

QUESTIONS:

Sir-

I would like to find out the following information regarding the Army Web Risk Assessment Cell. I would like to speak to someone about these questions or receive e-mail answers:

How large is the operation in terms of personnel? Where do they come from? The Army Web Risk Assessment Cell consists of five distinct Army Teams and several contractors. The Army units include: Ten mobilized National Guard soldiers in Manassas, Virginia, and smaller traditional Guard elements from Texas, Washington, Maryland and a Reserve element from Virginia. The Mobilized soldiers are called up for 1 year and the Guard/Reserve soldiers participate for up to 2 days a month and an additional 15 days during the year.

How successful has the cell been in accomplishing its goal? Very successful, the Cell reviews hundreds of thousands of web pages and blogs every month. Based on the reviews theCell makes several dozen notifications to individuals and unit commanders around the world. These notifications identify the specific material that is deemed inappropriate and asked that the material be taken off the internet. Without giving specifics if that is not possible, what are some of the largest successes it has had in regard to finding sensitive information on public access sites?

For a servicemember that has or is considering blogging, should the be discouraged from it because of this cell? No, the members of the cell are all citizen soldiers who value the protections of the First and Fourth Amendments. We are not a law enforcement or intelligence agency. Nor are we political correctness enforcers. We are simply trying to identify harmful internet content and make the authors aware of the possible misuse of the information by groups who may want to damage Unites States interest. We also point out to people the possible negative effects of posting personal information about themselves and family members on the internet. Some of our cell members are now bloggers due to the great stories and interactions they have experienced during the mission.

What has the overall reaction been to those blogging unofficially that have been contacted because of information on their site? A wide variety of reactions. Some bloggers are 2

grateful because they did not truly understand the potential damage their site could cause. Some bloggers are indignant. They make unfair accusations implying that we are trying to stifle free speech. The majority of people try to be more careful. No one we have contacted has been deliberately trying to harm our soldiers or United States interest. Bloggers and web masters are simply expressing themselves in a wide open forum and want to share their life changing experiences with the rest of the world. The Army encourages soldiers to exercise their rights, under the Constitution. Giving soldiers an outlet for free expression makes happier and more professional soldiers. American soldiers are not shy about giving their opinions and nothing the Web Risk Cell does can dampen that trait.

Thank you,

The AP, founded in 1846, has more than 8,500 subscribers globally. Via satellite and the Internet, AP distributes multimedia services to more than 12 0 countries. With a global network of 240 bureaus, AP provides news in text, audio, video, graphics and photos to more than 15,000 news outlets with a daily reach of 1 billion people worldwide.

V/R

NETCOM/9th ASC Public Affairs Officer

Sent: Tuesday, October 17, 2 006 7; 3 3 AM .

Subject: RE: Associated Press Query (UNCLASSIFIED

Classification: UNCLASSIFIED Caveat s: NONE

sure before we talk with the press that we clear it through the CIO/G6 PAO 'and the NETCOM PAO

3

It is now "come to bubba time" -- I am sure you are aware that the reporter may just be interested in the story or he may be an avid Privacy guru.

We need to make sure - once we get the PAO go ahead -- that we do not slip and give the impression that we are monitoring anything that is private or not in our lane.

Before we talk with anybody please set up a teleconference withrf and}

and myself

Good news - we are getting visibility -- bad news we are getting visibility.

Deputy Director Army Office of Information Assurance and Compliance

Sent: Tuesday, October 17, 2006 10:26 AM

)]ect: RE: Associated Press Query (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE

We are at

Sent: Tuesday, October 17, 2006 10:13 AM

a

Subject: Associated Press Query

Sir -

I have received query about your unit and its mission Press, Richmond. He is interested in following up on

Please send me your contact information.

V/R

Lieutenant Colonel, Virginia Army National Guard Public Affairs Officer

www.virginiaguard.com

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

5

Sent: To: Cc: Subject: Signed By:

Wednesday, November 01, 2006 12:28 PM RE: blogging guidence (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

We had the team scan and review the blog. There doesn't appear to be any glaring OPSEC violations other than a few compound photos with detailed descriptions of what they were looking at including one of a photo of a barracks area that shows barriers surrounding the building, with a vehicle parked right next to the barriers.

Thanks

November Ql, 2006 9:04 AM Subject UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE Please research and respond thru me.

Subject: blogging guidence

Sir-

and I am currently deployed as a security manager at I recently found your name in the article that ran in the Stars and Stripes on 29 October about web blogging. I currently have an issue with a soldier who is posting a blog while stationed here. I feel there is too much information being posted (including pictures) but have had a hard time finding any concrete regulations as to what can and cannot be put in a blog. I will attach a link to the blog I'm referring to at the bottom of this message if you'd like to take a look at it. Any guidance you could give would be of great assistance. Thank you for your time.

My name

v/r

2LT, MI CFLCC STB S-2

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

2

Classification: Caveats: NONE

UNCLASSIFIED

I spoke to the tech for the IA training site today; he is going to put all the training on to a CD and next day it t o ^ P ^ W e should have it by Thursday. It is too big to e-mail and our email cannot be zipped.

Classification: Caveats: NONE

UNCLASSIFIED

l

From: Sent: To: Subject:

.Monday, February 26, 2007 1:31 PM FOIA 1 (UNCLASSIFIED)

Classification: Caveats: NONE

UNCLASSIFIED

To many to send in one e-mail when you are on the vpn can you see the J drive?

Classification: Caveats: NONE

UNCLASSIFIED

Subject:
Classification: Caveats: NONE

FW: Possible Impact of Web Monitoring Mission (UNCLASSIFIED)
UNCLASSIFIED

-Original Message Sent: Tuesday, February 13, 2007 1(T:36 AM

Subject: FW: Possible Impact o Classification: Caveats: NONE UNCLASSIFIED

Monitoring Mission

(UNCLASSIFIED)

FY I

-Original Message Sent: Tue 2/ll/'JUii'/ 5sTi AM

Subject:

•ossiMS impact ot Web Monitoring Mission

(UNCLASSIFIED)

Thanks. We'll put in for an exception. LTC W. Jl • We need to work up an exception request, for the sites, to have NETCOM push up. Original Messaget ;^Monaay^February 12, 2007 5:23 PM

Subject: Possible Impact of Web Monitoring Mission Classification: Caveats: NONE UNCLASSIFIED

(UNCLASSIFIED)

Please be advised the suggested blocking action by JTFGNO could inhibit the Web Searching mission being performed at the Manassas Armory by the VaDPU, as many of the sites listed below are reviewed quite often during the Web Searching mission's operations. Please see the WARNORD from JTFGNO below or at https://www.jtfgno.mil/operations/warnord/2007/WARNORD%2007-003.doc TO: COCOMs/Services/Agencies/Field Activity (CC/S/A/FA) NetOps Centers

I

SUBJECT: JTF-GNO WARNORD 07-003, Blocking Recreational Traffic at the Internet Access Points (IAP) (U/FOUO) REFERENCES: Ref A: JTF-GNO CTO 06-15, 9 August 2006, Directive to Initiate Use of New NetOps Tasking Order Compliance Tool Ref B: McAfee Avert Labs Unveils Predictions for Top Ten Security Threats in 2007 as Hacking Comes of Age (http://www.mcafee.com/us/about/press/corporate/2 006/2 006112 9_08 0000_f.html) 1. (U/FOUO) APPROVAL: JTF-GNO J3, Director of Operations approved this message release. 2. (U/FOUO) ACKNOWLEDGEMENT: All CC/S/A/FAs must acknowledge message receipt within 48 hours through the Communications Tasking Order Compliance Tool in the online Vulnerability Management System (VMS), https://vms.disa.[smil.]mil. 3. (U/FOUO) SUMMARY: JTF-GNO and open source analysis has revealed a significant number of DoD users accessing 12 specific internet sites that have been linked to po'ssible criminal/malicious intent. The sites are considered recreational and are used to post individual information, personal videos and photos, and other files. JTF-GNO will proactively counter this emerging threat by blocking recreational websites hosting malicious media (trojans, phishing and other exploits). This Component-coordinated action will further limit exfiltration of DoD user information caused by malicious code,- limit inadvertent disclosure of sensitive DoD information (OPSEC) ; and continue to shrink GIG exposure to the Internet. Commander, JTF-GNO will factor all Component feedback (due 28 February 2007) into the go/no-go decision prior to implementation. Once approved the JTF-GNO will implement the block at all IAPs on or about 5 March 07. 4. (U/FOUO) BACKGROUND: Unhindered access to non-operational (recreational) sites exposes the NIPRNet to unnecessary avenues of attack. Symantec, McAfee and other open source information throughout 2006 reported exploits, viruses, malware and phishing attributed to common recreational sites. Further, these open sources fault CIOs and CISOs for their lack of security considerations and oversight governing restrictions to recreational sites, even sites known to host malicious code. McAfee listed video sharing (a very popular downloadable item from recreational sites) as the third most significant threat in their Top Ten Security Threats for 2007, see Ref B. Additionally, there have already been inadvertent and intentional critical Operational Security (OPSEC) information losses as well as exfiltration of DoD user information reported from recreational websites like myspace.com and hi5.com. In sum, blocking recreational IPs has several benefits: 1) reduces access to sites hosting malicious code such as trojans, phishing, and exploitation; 2) reduces exfiltration of DoD user information; 3) reduces inadvertent disclosure of sensitive DoD information (OPSEC); and 4) continues "shrinking the operational white space"; all the while ensuring data confidentiality, enhancing network availability, and reducing GIG risk. Based on this assessment, JTF-GNO is implementing a proactive measure to address emerging threats by blocking IPs and IP subnets associated with known problematic recreational websites at the IAPs on or about 5 March 2007. 5. (U/FOUO) CURRENT SITUATION: The JTF-GNO will block recreational traffic at the IAPs on or about 5 March 2007 once feedback from the Components is received. This action only pertains to traffic to and from the Internet and DoD networks, across the IAPs. It will not impact internal NIPRNet to NIPRNet, or SIPRNet traffic. This action does not prevent components from taking more restrictive actions to protect their individual enclaves. This WARNORD is the first initiative concerning blocking recreational IP traffic at the IAPs. JTF-GNO will continue to monitor and analyze the NIPRNet to identify more candidate sites for future potential blocks. In the event that a CC/S/A requires an exception at the IAP, the CC/S/A will complete an IAP Exception Request (located at 2

https://www.jtfgno.mil/operations/portsandprotocols/2 006/PPS_Exception_Req_in structions.doc) and submit the request through their appropriate Ports & Protocols Representative to JTF-GNO POC in paragraph 10, NLT 28 February 2007. 6. (U/FOUO) SPECIFIC ACTIONS: ACTION 1. Components must address any operational concerns to JTF-GNO by 28 February 2007 to be factored into a go/no-go decision by Commander, JTF-GNO. "No Concern" replies should be sent as well. Send all comments to the POC in paragraph 10. ACTION 2. On or about 5 March 2007 JTF-GNO will direct the blocking of the following IPs and Subnets at the IAPs: 208.65.152.0/22 (youtube.com; User-Upload Streaming Video) b. 64.62.253.88 (l.fm; Streaming Audio) c. 66.151.149.64/27 (pandora.com; Streaming Music) 69.17.46.120/29 (photobucket.com; Personal Photo Sharing) 66.11.48.0/20 (photobucket.com; Personal Photo Sharing) 67.134.143.0/24 (myspace.com; Social Networking) g. 204.16.32.0/22 (myspace.com; Social Networking) (myspace.com; Social Networking) h. 216.178.32 0/20 (live365.com; Streaming Radio) 216.235.80.0/20 (hi5.com; Social Networking) j. 204.13.51.241 hi5.com; Social Networking) k. 66.28.245.26 1. 66.28.245.111 (hi5. com,- Social Networking) m. 204.11.105.26 (hi5.com; Social Networking) (metacafe.com; User-Upload Streaming Video) 72.32.103.177 (metacafe.com; User-Upload Streaming Video) 212.150.86.226 (metacafe.com; User-Upload Streaming Video) 209.85.106.24 (metacafe.com; User-Upload Streaming Video) 69.20.95.4 (metacafe.com; User-Upload Streaming Video) 65.61.188.4 (mtv.com, ifilm.com; Streaming Video) 204.74.64.0/18 (mtv.com, ifilm.com; Streaming Video) 206.220.40.0/22 70.42.66.70 (blackplanet.com; User-Upload Streaming Video) 170.224.107.73 (blackplanet.com; User-Upload Streaming Video) 64.93.76.0/24 (stupidvideos.com; User-Upload Streaming Video) 64.202.189.170 (filecabi.com; User-Upload Streaming Video) y. 204.13.51.246 (hi5.com; Social Networking)

d. e. f.

n. o. Pqr. s. t. u.
V.

w.
X.

7. (U/FOUO) CLARIFYING GUIDANCE: All approved DoD to Internet connections registered with the DoD Systems/Networks Approval Process (SNAP) must also implement these blocks at their respective Internet gateway(s). No external Internet Connections are authorized without obtaining the proper waiver LAW DoD Directive 8100.1 "Global Information Grid (GIG) Overarching Policy" and CJCSI 6211.02B "Defense Information System Network (DISN): Policy, Responsibilities And Processes". For further information and to request a waiver, CC/S/A/FAs must use the Systems/Networks Approval Process at https://snap.dod.mil/cap_index.cfm. 8. (U/FOUO) COMPLIANCE: None Send technical questions to the POC in

9. (U/FOUO) TECHNICAL SUPPORT: paragraph 10. 10. is :

(U/FOUO) POINTS OF CONTACT: The primary point of contact for this order

3

V.

Classification: Caveats: NONE Classification: Caveats: NONE Classification: Caveats: NONE

UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED

•<••.

4

Tuesday, HeDruary 27, 2007 1 35.AM FW^ManSalo^T^inpSLTSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

Classification: C a v e a t s : NONE

UNCLASSIFIED

Original
fen^TMonday, November 20, 2006~10:14 AM

rject: FW1~"Mandatory Training --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Please complete this training. Send me your certificates NLT 3 0 November 2006. The sooner the better.

Thanks

ient: Monday, Novemcer ^u,2006 5T2^ AM Subjec^^^^^Mandlflr^^S^flTg --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE Let get this done.

Sent: Sunday, November 19, 2006 10:29 AM ubject: "Mandatory Training --SUSPENSE 12 DECEMBER 2006 (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE ALCON,

This is important -- the DAS -- Director of the Army Staff has directed this training -it will take awhile for you all to finish it. The only one with a test is the module we developed.

Need you to complete the modules and send a copy of the certificate you receive from our module and the fact that you completed the other modules to Joe Metallo.

I can almost guarantee you that we will be forced to reply by name who has taken the training and use has not during the Christmas holidays.

DIVISION Chiefs - - I am holding you responsible for getting your people to take the modules - I do not expect Joe to run around trying to get everyone to do the training.

I have completed the training - it is not difficult and contains some good information. Yes - I passed the test without the answers - - o f course I helped develop the test.

IMPORTANT !!!!!!: You do not want to be the first person to be caught violating one of these rules contained in the training -- the DAC and VCSA have, had it with leaked information and incorrectly marked information -- please heed !!!

Classification: UNCLASSIFIED 2

Caveats: NONE Please note the correct address is

https . //www. g357extranet .army.pentagon.mil/onlinetrainingcourse/introduction.aspx -

Office of Information Assurance and Compliance Army CIO/G-6, NETCOM

From: • Sent ^J To:

^ C Mr NETCOM imber 16 2 " n i 7 • (if

Cc: NETCOl Subject: "Mandate

Training o (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE To all of the above addresses Mandatory Training — Handling Sensitive Information: The DAS has directed that all civilian and military personnel complete a series of modules on Handling Sensitive. Information. Please^print the completion certificate for each module and turn in to before 12 December. You may access the modules at the following address: https://www.g3 57extranet.army.pentagon.mil/onlinetrainingpcourse/introduction.asp <https://www.g3 57extranet.army.pentagon.mil/onlinetrainingpcourse/introduction.asp> me,

Vr 3

Office of Information Assurance and Compliance Army CI0/G6, NETCOM

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

Sent: Subject: Classification: Caveats: NONE

^••••••••1
UNCLASSIFIED

Tuesday, February 27, 2007 1:32 A M F W : Watchfire Starting Dashboard (UNCLASSIFIED)

Classification: Caveats: NONE

UNCLASSIFIED

Good Morning, Due to a glitch in authentication, the initial logon screen to Watchfire will be blank and say that the starting dashboard has been deleted. This is not the case. When the extra dashboards were deleted last Thursday, something happened where Watchfire is not recognizing the AWRAC Dashboard as a starting page. The Watchfire helpdesk is aware of this and are working on a fix. The glitch ties in with the Authentication for the external access link. That being said, when you get to the starting page with the error message, scroll down to the bottom of the page and click on "Go". Even though the drop down menu already says "AWRAC Dashboard", you must click go to actually be brought to it. I will keep everyone informed until resolution is reached.

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

1 AKO IM User Classification: Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED UNCLASSIFIED

1

From: Sent: To: Subject: Classification: Caveats: NONE

ray, heDrn

:

7~32 AM

FW: NE SCANS (UNCLASSIFIED) UNCLASSIFIED

-Original Message Sent: Wednesday, October 11, 2006"3:40 PM

Subject: NE SCANS (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Please go to this folder and assign yourself to the list of NE SCANS,

This is critical to monthly numbers to

Land the

\\132.135.102.11\Shared_Admin\AWRAC\WEBXM SCANS\NE scans.xls <file:///\\132.135.102.11 \Shared Admin\AWRAC\WEBXM%20SCANS\NE%20scans.xls>

Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

From: Sent: To: Subject:

Tuesday, February 27, 2007 11 :T1 AM FW: Case# I f M C T p e r f l H u W t h Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) #rh (UNCLASSIFIED) High image001.jpg

Importance: Attachments:

image001.jpg (10 KB) Classification: Caveats: NONE UNCLASSIFIED

-Original Message S e n t T . ^ ? ^ a ^ ^ S e p t e m b e f " 2 9 , 2006 2:34 PM

Subject: FW: Case# 16098 - Open Issue with Watchfire #rh (UNCLASSIFIED) Importance: High Classification: UNCLASSIFIED Caveats: NONE

(UNCLASSIFIED) -#rh (UNCLASSIFIED)

Make sure we are staying on top of all the issues we are having with Watchfire. Keep me abreast of all issues, because as far as I know, the issue from last week is still open.

Sent: Friday, September 29, 2 006 10:56 Subject: R E ^ C a s e ^ l 6 0 9 8 ^ O p e r i #rh (UNCLASSIFIED) Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

I was_told b y the .IMP here that we are unable to use Live Meeting on these computers, had told ^ H A this in the past when the database needed to be sent to Cananda for analysis. What's the latest on the issues you're having with the system? I have one test scan running to make sure that the 4 servers are talking to eachother. 1

After it's successfully done, I'll send an email out so we can all resume scanning.

Talk soon,

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell A&VTR Analyst

AKO IM User

Sent: Thursday; To: 'Watchfire Support' Subject: RE: Case# 16098 #rh (UNCLASSIFIED)

12 PM

Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE We are having other issues that we believe are H/W platform related. I will have somebody from our team contact you tomorrow with the details. I will be attending a conference tomorrow, but Monday is wide open.

From: Watchfire Support [mailto:support@watchfire.com] Sent: Thursday, September 28, 2006 5:10 PM Subject: RE: Casef #rh 'issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

Just following up again. If this is still a problem can you first verify your build your running? Then can you give me some times you might be available for a live meeting so we 2

can try and resolve it. Thanks

Original M e s s a g e — From: Watchfire Support Sent: Monday, September 25, 2006 4:16 PM Subject: RE: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED)

I would like to see if we could set up a live meeting to verify this. Can you verify you are running build 4.50.1.12? Thanks

Sent: Monday, September 25, 2006 3:49 PM To: Watchfire Support Subject: RE: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE

•MM

Maybe I missed it, but I've not heard from your folks yet. I would like to have the Watchfire support work with a member of my team that was experiencing the problem. We quit around 4PM EST, so I hope we can line something up for tomorrow.

Thanks

From: Watchfire Support [mailto:support@watchfire.com] aent^Friday, Spnt-^mh^r- -JO -;nng 11:13 AM Subject: Case# 16098 - Open Issue with Watchfire (UNCLASSIFIED) -#rh

Helloj

Thank you for contacting Watchfire Technical Support. Your request has been logged in our support database as incident # [16098]. A technical representative is looking into your request and will contact you shortly.

Best regards, Watchfire Technical Support 1 Hines Rd, Kanata, K2K 3C7 ON., Canada www.watchfire.com <http://www.watchfire.cora>

Vote for AppScan(r)! AppScan is nominated for the SC Magazine awards. Show your support by voting for AppScan today! Best Audit/Vulnerability Assessment Solution http://www.scmagazine.com/us/awards/categories/26182/best-audit-vulnerability-assessmentsolution/ Best Managed Security Services http://www.scmagazine.com/us/awards/categories/26161/best-managed-security-services/

Sent: Friday,September o: Watchfire Support Subject: Open Issu?

Classification: UNCLASSIFIED Caveats: NONE Watchfire Support,

I would like to open a ticket regarding an issue we are having. The problem is as follows, issues my group marks a potential concern as noise. When the same ssite is scanned again, the same noise is being picked up as a potential concern again. I don't know if some of the "database" shrinking were doing is effecting this or not however I would like to work towards a resolution for this problem.

If you would like to discuss the details I can have you work directly with a member of my team. 4

Thanks for your support.

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

5

From: Sent: To: Subject:

Tuesday, February 27, 2007 11:31 AM . FW: Case 15854 (UNCLASSIFIED) UNCLASSIFIED /atchfireTJB Only has 15% Free (UNCLASSIFIED) #ac

Classification: Caveats: NONE

-Original Message Sent: Friday, September 15, 2006 2:14 PM

NETCOM Subject: FW: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE FYI....

Please continue to report Watchfire issues through me. According to Watchfire we should be good.

LT

From: Watchfire Support Sent: Fridav^flentembei

[mailto:support@watchfire.com]

Subject: RE: Case 15854 - RE: Watch (UNCLASSIFIED)

e (UNCLASSIFIED) #ac

I have the info I need. into it for me.

There are 3 jobs that haven't deleted properly so dev is looking

This shouldn't be affecting anything within your WebXM usage though.

Regards,
i

Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | support@watchfire.com

Sent: Friday, September 15, 2006 1:24 PM Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE What is the status of this? Thanks

Sent: Friday, September 15, 2006 8:19 AM To: 'Watchfire Support 1 ; Mazur, Gerald A 1LT CI0/G6 Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE Yes, I can do it this morning.

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell A&VTR Analyst

Ajp IM User
2

From: Watchfire Support [mailto:supportOwatchfire:com] Sent: Thursday, September 14, 2006 4:44 PM Subject: RE: Case 15854 - RE:" Watchfire (UNCLASSIFIED) nly'has 15% Free (UNCLASSIFIED) ttac

Just to finalize this can someone run this for me?

select * from job where deletedflag = 1

Thanks,

Watchfire Support | Watchfire Corporation | support@watchfire.com

From: Watchfire Support Sent: Wednesday, September 13, 2006 9:54 AM Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED)

Everything seemed to be in order when I was on the phone with David. There were only 2 jobs that hadn't been deleted yet and that's because they were deleted that day so the background process hadn't gotten rid of them yet. I'll send a query today or tomorrow to make sure that the jobs are gone.

There was 20 GB of free space within the database file itself that f H H R w a s going to reclaim by doing a shrink on the database. I'm not sure if he did that yesterday or not,

At this point, you should be all set so let me know if there are any issues.

Regards, 3

Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | support@watchfire.com

Sent: Wednesday, September 13, 2006 9:11 AM +>• Subject: RE: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE What is the status of this issue?

Thanks

Subject: Case 15854 - RE: Watchfire DB Only has 15% Free (UNCLASSIFIED) #ac

I actually have a case open about this issue with

We've determined that the jobs aren't being deleted properly so that's why the space hasn't been reclaimed after you deleted the jobs.

I'm waiting for the results from a query and then based on that we should have enough info to go on. £ B L S in training but I'll attempt to call him shortly.

Regards, 4

Andrew

Andrew Cranke | Watchfire Support | Watchfire Corporation | support@watchfire.com

Sent: Tuesday, September 12, 200 6 10:18 AM To: Watchfire Support Subject: Watchfire" DB Only has 15% Free (UNCLASSIFIED) Importance: High Classification: Caveats: NONE UNCLASSIFIED

For the past week, the database has grown enormously. At the end of last week, it was 100% full. We deleted 90% of the scans in the webspaces along with old profiles and managed to get 15% of the space free. It's been hovering around 15% since then. Almost daily, ^ B ^ a n d I have been going in and shrinking the DB and running the disk defragmenter to gain whatever we can scrounge up for space. This morning, I went into NETCOM 01 and did my usual shrink and defrag. I noticed that after I did the defrag, that the fragmented files were still there. When I asked 4 ^ H B H H H H V ^ m Y co-worker, to take a closer look at this, he saw that the DB wasn't being defragged after all. Can you take a look at this with me and advise me how to get rid of anything that we may not necessarily need? We have a storage device that is awaiting install, but will take another month or two. I'll be at my desk all day, in case you want to call. Thank you.

LMIT Professional Services Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell A&VTR Analyst

Classification: Caveats: NONE

UNCLASSIFIED

Classification: UNCLASSIFIED 5

Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

To: Subject: Classification: Caveats: NONE UNCLASSIFIED

(UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE And these as well:

US Army Corps of Engineers St. Louis District USACE St. Louis NW SEPT 06 http://www.mvs.usace.army.mil/ <http://www.mvs.usace.army.mil/> US Army Corps of Engineers Rock Island District USACE Rock Is NW SEPT 06 http://www.mvr.usace.army.mil/ <http://www.mvr.usace.army.mil/>

Sent: Thursday, September 07, 2 0 ? T

3 :16 PM

Subject: (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE ALL,

Please send me you sites that you have been working on, the links found (under statistics) and the number links that you have reviewed from each site and if all possible, the number of false positives and actual violations.

New Scans that will run tonight (September 7, 2006) I will assign them out Friday

757th Transportation Battalion 757th Trans BN NW SEPT 06 http://www.usarc.army.mil/88thrsc/3 36_tc/757_tc/ <http://www.usarc.army.mil/88thrsc/336 _tc/757_tc/> 336th Transportation Group NW-336th Trans Grp NW SEPT 06 http://www.usarc.army.mil/8 8thrsc/336_tc/ <http://www.usarc.army.mil/88thrsc/33 6_tc/> Nevada Army National Guard NV ARNG NW SEPT 06 http://www.nv.ngb.army.mi1/Army <http://www.nv.ngb.army.mil/Army>

88th Regional Readiness Group Website 88th RRG NW SEPT 06 http://www.usarc.army.mil/88thrsc/88_rsg/ 88th Regional Readiness Command 88thRRC NW SEPT 06 http://www.usarc.army.mil/88thrsc <http://www.usarc.army.mil/8 8thrso 353rd Transportation Company Unit Web Site 353rd TC NW SEPT 06 http://www.usarc.army.mil/88thrsc/644_asg/457_tc/353_tc/ <http://www.usarc.army.mil/88thrsc/644_asg/457_tc/353_tc/> Stiker BDE Combat Team SBCT NW SEPT 06 2 <http://www.usarc.army.mil/88thrsc/88_rsg/>

http://www.sbct.army.mil <http://www.sbct.army.mil/>

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

3

From: Sent: To: Subject: Classification: Caveats: NONE

fTiesday, February: FW: (UNCLASSIFIED) UNCLASSIFIED

Subject: (UNCLASSIFIED) • Classification: UNCLASSIFIED Caveats: NONE ALL,

Please send me you sites that you have been working on, the links found (under statistics) and the number links that you have reviewed from each site and if all possible, the number of false positives and actual violations.

New Scans that will run tonight (September 7, 2006) I will assign them out Friday

757th Transportation Battalion 757th Trans BN NW SEPT 06 http://www.usarc.army.mil/88thrsc/33 6_tc/757_tc/ _tc/757_tc/> 336th Transportation Group NW-336th Trans Grp NW SEPT 06 http://www.usarc.army.mil/88thrsc/3 36_tc/ <http://www.usarc.army.mil/88thrsc/336_tc/> <http://www.usarc.army.mil/88thrsc/336

Nevada Army National Guard NV ARNG NW SEPT 06 http://www.nv.ngb.army.mil/Army <http://www.nv.ngb.army.mil/Army>

88th Regional Readiness Group Website 88th RRG NW SEPT 06 http://www.usarc.army.mil/88thrsc/88_rsg/ 88th Regional Readiness Command 88thRRC NW SEPT 06 http://www.usarc.army.mil/88thrsc <http://www.usarc.army.mil/88thrso <http://www.usarc.army.mil/88thrsc/88_rsg/>

353rd Transportation Company Unit Web Site 353rd TC NW SEPT 06 http: //www.usarc.army.mil/88thrsc/644_asg/457_tc/3 53_tc/ <http://www.usarc.army.mil/88thrsc/644_asg/457_tc/353_tc/> Stiker BDE Combat Team SBCT NW SEPT 06 http://www.sbct.army.mil <http://www.sbct.army.mil/>

Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

2

From: Sent: To: Subject:

Tuesday, February 27, 2

.9 AM

FW-. Notes from Meeting withTOajor Newbern 7/28 (UNCLASSIFIED)

Classification: Caveats: NONE

UNCLASSIFIED

- O r i g i n a l Message S e n t : Monday" ~™Juli>

Subject: Notes from Meeting with Major Newbern 7/28 (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Team,

Here are some notes I took from our meeting on 7/28...meant to send this out Friday.

* Civilians from team will be working with us more closely starting the week of 7/31. More specifically getting us up to speed on doing scans. * Jl B - will be moving on to a three letter agency. J| •••_>.ill be assuming her role. ^^^^^ * There are other Reserve/Guard units involved with this mission and I'm sure we'll be working with them more closely as the year passes. * * * * USAR at DISA USAR at Delphi NG (Texas) NG (Washington state)

* There will be opportunities forthcoming to go downtown to look at the technologies . in use, i.e. SAN, Backups. NETCOM will be looking for us to make improvements. This will be a great opportunity for the DPU to shine in this mission. One of the first items in this area is the SAM. AWARC was approved to acquire a SAN. ^M MBfe will be going to Crystal City the week of 7/31 ^^^^^••Hr is responsible for providing a report the third of each month. SFC will be coming to you all for input. = Watchfire Web training on 8/9 @ 1300 hours. We are trying to get the url >
' -vj in.

nit will be doing their AT here from 8/7 to 8/15. The concept is i,y will be falling in on our DAHQ laptops to continue the AWARC .ek they will be working from 1630 to 1230 (end time is still TBD). 11 be during the day. We will need to provide a body to work with -ting together a schedule. Please be flexible.

Thanks for the continued hard work.

Classification: UNCLASSIFIED Caveats: NONE Classification: Caveats: NONE UNCLASSIFIED

Subject:

found this on the web (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE http://www.wired.com/news/politics/0,72026-0.html?tw=rss.index

Web Risk Assessment/Information Assurance Analyst

Classification: UNCLASSIFIED Caveats: NONE

1

Importance: Attachments:

High hood.xls; AMC.doc; Findings list.doc

aft] hood.xls
AMC.doc Findings listdoc .

Classification: UNCLASSIFIED Caveats: NONE PAO-- The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. Ten OPSEC concerns were found on your organization's website and have been classified as major findings. The attached spreadsheet contains URLs that are publicly accessible, and are marked FOUO and contain personal information. Please review the attached documents for further guidance, and report resolution of these issue NLT 21 DEC 06. Please contact me if you have questions.
«...» «...» «...»

Information Assurance Directorate NETC-EST-A

AKO IM User Classification: UNCLASSIFIED Caveats: NONE

From: Sent: To: Cc: Subject: Follow Up Flag: Flag Status: Attachments:

Tuesday, January 23, 2007 1 ;02

ARL Response to "48 OPSEC Concerns on Public Website" (UNCLASSIFIED) Follow up Completed ARL-MEMO-25-70.pdf

ARL-MEMO-25-70.p

Classification: UNCLASSIFIED Caveats: NONE

As per our conversation of January 9th, below is the response to your December email, "48 OPSEC Concerns on Public Website." ARL is fully cognizant of the need to follow proper OPSEC procedures, as well as the DA and DoD guidance. In September of 2005, ARL used the established guidances in crafting its own regulations on how material would be published on the external internet site. This policy also « A R L MEMO-25-70.pdf» took into account the need for flexibility to pursue ARL's stated mission as the Army's corporate laboratory, and reflected our dedication as an organization to proper OPSEC procedures. , We recognize that names and contact information are posted on the external server. However, the posted information pertains to recognized POCs for internal lab programs. Quoting the ARL memo, these POCs help ARL "act as the bridge between the science and technology community and the warfighter." The relevant section of the policy is below for your convenience. Additionally, I have attached the full policy in PDF form to this file. With this in mind, ARL believes the content on its internet server is in conformity with the existing guidance. Should you have any immediate questions, you may reach me at 301-394-1889. ARL's Associate for Corporate P r o g r a m s f l B H M H H B f c , oversees the website and may be reached at

ARL Public Affairs Office ARL MEMO 25-70 5. POLICY AND PROCEDURES (2) Content. (b) Information NOT Appropriate or Releaseable (vi) Information of a personal nature which could be used to identify an individual or their location
I

is prohibited with the exception of 1) and 2) below. The consent of an individual does not negate this requirement. All Internet references shall be anonymous with reference to an organization, a generic office symbol, central organization phone number or function-based email address. * 1) The posting of names and contact information for the ARL Director and the ARL Public Affairs Officer is permitted. ** 2) ARL is not an insular organization. Its success hinges on its ability to act as the bridge between the science and technology community and the warfighter. ARL has identified technical topics that are essential to its mission accomplishment and has assigned responsibility to select individuals for communicating with the public in these topical areas. It is in these areas that ARL must effectively collaborate with the public sector. For those individuals designated as technical topic leaders, their duty descriptions and performance objectives designate them as organizational spokespersons and recognized leaders in their specialty fields and they require a high-level of unrestricted national visibility to carry-out their duties. Their duties include: being readily identified and contacted as the Army's lead for discussions of potential new extramural programs in their area of expertise; being sought out to serve on special task forces and committees; being sought as a consultant by other specialists; and receiving invitations and address national professional organizations. Classification: UNCLASSIFIED Caveats: NONE

2

From: Sent: To: Cc: Subject: Attachments:

Wednesday, February 15, 2006 3:25 PM FOUO document (UNCLASSIFIED) AMC.doc; Findings list.doc

AMC.doc (27 KB) "indings list.doc (46 KB)

Classification: UNCLASSIFIED

Caveats: NONE https://iassure.usareur.army.mil/policy/iava/iavaitem.aspx?iavalD=118 IAPM -- The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. An OPSEC concern was found on your organization's website and has been classified as a minor finding. The attached URL is publically accessible, and is marked FOUO. Please review the attached document for further guidance, and report resolution of this issue NLT 22 FEB 06. Please contact me if you have questions.

Asset and Vulnerability Tracking Resource (A&VTR) PM Liaison AWRAC Analyst NETCOM (CIO/G6) 2530 Crystal Drive Arlington, VA 22202 "Press any key....hmmm, where's the any key?" Classification: UNCLASSIFIED Caveats: NONE

From:

Sent: To: Cc: Subject: Importance:
Follow Up Flag: Flag Status: Attachments:

Wednesday, December 20,"2006 3:55 PM ebsite (UNCLASSIFIED)

Follow up Red AMC.xls; AMC.doc; Findings list.doc

AMC.xls

AMC.doc

Findings list.doc

Classification: UNCLASSIFIED Caveats: NONE We have completed the corrections to our public website outlined the AMC.xls file. Thank you, Webmaster, HQ AMC Ft. Belvoir, VA Sent: Thursday, December 14, 2006 11:51 AM To: Public Communications Subject: 20 OPSEC Concerns from AMC Website (UNCLASSIFIED) Importance: High . Classification: UNCLASSIFIED Caveats: NONE Webmaster and PAO - The Army Web Risk Assessment Cell (AWRAC) is currently reviewing U.S. Army Web sites for OPSEC and security compliance. Twenty OPSEC concerns were found on your organization's website and have been classified as a major and minor findings. The attached spreadsheet contains URLs that are publicly accessible. Please review the attached document for further guidance, and report resolution of these issues NLT 21 DEC 06. Please contact me if you have questions. « A M C . x l s » « A M C . d o c » «Findings list.doc» R/, Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

AKO IM User Classification: UNCLASSIFIED Caveats: NONE

2

From: Sent: To: Cc: Subject: Signed By: Attachments:

Monday, February 05, 2007 2:43 PM FW: 2006 Info Paper (UNCLASSIFIED) 2006 AWRAC Synopsis FINAL2.doc

2006 AWRAC ^nopsis FINAL2.doc

Classification: Caveats: NONE Please review and forward to Original Message-

UNCLASSIFIED

Sent: Thursday, February 01, 2Q07 3:40 PM Subjec^^W^OO^InfoPaperUJNCLAS SIFI ED) Classification: Caveats: NONE UNCLASSIFIED

-Original Message

Subj Classification: Caveats: NONE

Paper UNCLASSIFIED

Here's the paper I was taking about. I'll add a couple more of my own points and give some more examples of violations when you email it back to me. Thanks!

Information Assurance Directorate NETC-EST-A Army Web Risk Assessment Cell

AKO IM User Classification: UNCLASSIFIED

Caveats: NONE Classification: Caveats: NONE Classification: Caveats: NONE

UNCLASSIFIED UNCLASSIFIED

INFORMATION PAPER NETC-EST-I 12 JAN 2007 SUBJECT: Army Web Risk Assessment Cell (AWRAC) 1. Purpose. To provide an end of year synopsis to the Senior Leadership regarding the accomplishments of the Army Web Risk Assessment Cell (AWRAC) for 2006. 2. Facts: The AWRAC mission is to search Army Websites and unofficial sites posted by Army personnel for information that could pose a risk to national security on unsecured web sites. In addition, the AWRAC evaluates website content to ensure compliance with departmental policies, federal regulations and procedures, and industry best practices. The AWRAC's core mission consists of website patrolling, bulk analysis, and operational security analysis. 3. The Army Web Risk Assessment Cell (AWRAC) successfully mobilized 10 members of the Virginia National Guard Data Processing Unit on 10-21 July 2006 for one year. The team is leading AWRAC's mission to monitor official and unofficial web sites for OPSEC violations IAW the CSA's 20 AUG 2005 message. The team processed through Fort Belvior, and is assigned to NETCOM, with duty at the unit's headquarters at Manassas Armory. The Team also led the training of 20 additional traditional Guardsmen. During January 2007, the Cell conducted a eight day, 24X7 operation to review a multitude of web sites and blogs. The operation included mobilized soldiers, traditional Guardsmen, Reserve Soldiers, and contractors. The mobilized soldiers are also developing two applications. One will replace the Joint Web Discrepancy Tracking System (JWTDS). The other application will collect information from the disparate reporting tools and present a consolidated view of the web sphere for analyst and members of the Army leadership. 4. For the year ending DEC 2006 the AWRAC reviewed over 1200 official Army websites and over 500 blogs posted by Army personnel. These sites consisted of over four million pages and yielded over 1800 OPSEC concerns. Following identification of potential risks, the AWRAC team worked with the sites' operators to remove information that could pose a security threat. Based on this review the team eliminated or secured over 1274 documented security violations. For example, the discovery and removal of a SECRET document that was posted on the AKO UNCLASSIFIED network. The AWRAC was instrumental in the removal of information on biological, chemical and missile weapon systems throughout the World Wide Web to ensure the safety of the American public and curtail leakage to unauthorized persons. In addition the AWRAC team removed or secured access to For Official Use Only (FOUO) and Freedom of Information Act (FOIA) documents from publicly accessible web sites. This also included removing documents on Army web sites that protected personnel from identity theft of Social Security numbers, dates of birth, home addresses. This single

action totally eliminated significant potential threats to national security and Army personnel. Ongoing reviews keep the AWRAC mission on track and up-to-date. 5. The team reviews over 1700 websites for security concerns two to three times a year. It conducts announced and unannounced assessments of Army websites to determine compliance with regulations. A parallel and continuing AWRAC task is providing education and training to enable relevant audiences and Army personnel to become aware of and preventing/removing potential risks from the extensive and growing number of Army maintained web pages and personal blogs. The team has engaged in a number of outreach programs to increase awareness of the potential damage stemming from information on publicly accessible sites by publishing articles in military and technical publications, training over 2000 personnel on their OPSEC web site https://iatrainins;.us.army.mil since JAN 06, and by developing an Information Assurance Awareness Training Course posted on the IA training site. This training has INFORMATION PAPER NETC-EST-I 12 JAN 2007 SUBJECT: Army Web Risk Assessment Cell (AWRAC) been accessed by over 741 HQDA staff members since JUL 06 IAW the Army IG directive. The AWRAC also supports a website on Army Knowledge Online at https://www.us.army.rnil/suite/portal.do?$p=254224 to provide information on AWRAC issues with over 540 members. 6. This mission is an ongoing endeavor that will require continuous fine-tuning and flexible, innovative tools and procedures to meet the existing and future needs of the Army's web community and public outreach programs. 7. The AWRAC currently employs three full-time analysts, a mobilized 10-member team from the VA National Guard's Data Processing Unit (DPU), and coordinates for support from 30 Army National Guard and Army Reserve soldiers to conduct analyses during their drill weekends and annual training. Currently a request is being processed to NETCOM for an additional year of mobilized manpower support from the VA DPU.

From: Sent: To: Cc: Subject: Signed By: Attachments:

FW: 07Q130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc (UNCLASSIFIED) 070130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc

070130.EXSUM.AW RAC- Analysis... c | a s s i f i c a t i o n ;

UNCLASSIFIED

Caveats: NONE What is the A-Z list ? Where is the site and what is the authority that directs web site owners to register at this site ?

Deputy Director Army Office of Information Assurance and Compliance

-Original MessageSent; Tuesday, January 30, 138 PM

Subject: 070130.EXSUM.AWRAC - Analysis of Army A-Z Websites.doc (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE For your review from LTC Warnock Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

Classification: UNCLASSIFIED Caveats: NONE *NOTICE: Message body content downgraded from previous markings UNCLASSIFIED//FOUO by AnzulewiczPD FYI

Sent: Friday, September 29, 2006 12:01 PM To: DODWEBMASTERS-L@DTIC.MIL Subject: Re: [WEBMASTERS] Army message (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: FOUO Classification: UNCLASSIFIED Precedence: P DTG:281830ZSEP06 From: SAIS-ZA CIO/G-6 Subject: ARMY GUIDANCE IN SUPPORT OF JTF-GNO CTO 06-02 UPDATE 3 (FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS)

TEXT: UNCLASSIFIED// PRECEDENCE TO: PRIORITY PRECEDENCE CC: PRIORITY SUBJECT: ALARACT 180/2006 FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS TEXT:
i

DTG: 281830Z SEP 06

UNCLASSIFIED// THIS MESSAGE HAS BEEN SENT BY THE PENTAGON TELECOMMUNICATIONS CENTER ON BEHALF OF DA WASHINGTON DC CIO/G-6//SAIS-ZA //. SUBJECT: ALARACT 180/2006 ARMY GUIDANCE IN SUPPORT OF JTF-GNO CTO 06-02 UPDATE 3 (FOCUSED EFFORT TO SECURE ARMY NIPRNET WEB SERVERS) References: (U//FOUO) REF/A/ JTF-GNO CTO 06-02/171100Z JAN 06. (U//FOUO) REF/B/ HQDA ALARACT 028/2006 041939Z Feb 06 (U//FOUO) REF/C/ JTF-GNO CTO 06-02A/030013Z FEB 06. (U//FOUO) REF/D/ UPDATE #2 TO JTF-GNO CTO 06-02/251220Z JUL 06. (u//fouo) Ref/E/ JTF GNO CTO 06-13 281600Z JUN 06 (S//REL) REF/F/ JTF-GNO CTO 06-02 UPDATE #3, FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS / 211015Z SEP 06 (SECRET//REL USA GBR CAN AUS//) (U//FOUO) REF/G/ JTF-GNO CTO 06-02 UPDATE #3, FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS -- ABBREVIATED VERSION (UNCLASSIFIED) 1. (U/FOUO) REF A IS JTF-GNO COMMUNICATIONS TASKING ORDER (CTO) 06-02, SUBJECT: TASKS FOR PHASE 1 OF THE ACCELERATED PUBLIC KEY INFRASTRUCTURE (PKl) IMPLEMENTATION. REB B IS HQDA ALARACT 028/2006 FROM CIO/G-6 (SAIS-ZA) DIRECTING ARMY ACCELERATED IMPLEMENTATION OF COMMON ACCESS CARD (cac) CRYPTOGRAPHIC NETWORK LOGON. REF C IS JTF-GNO cto 06-02a, WHICH IS AN UPDATE TO cto 06-02 DEFINING PHASE 1 IMPLEMENTATION TASKS OF ACCELERATED PUBLIC KEY INFRASTRUCTURE (pki) IMPLEMENTATION. REF D IS JTF-GNO UPDATE #2 TO JTF-GNO CTO 0602. REF E IS JTF-GNO CTO 06-13, DIRECTIVE FOR CAC/PKI IMPLEMENTATION - REVISED COMPLIANCE DATES FOR SPECIAL USER GROUPS. REF F IS AN UNCLASSIFIED - ABBREVIATED VERSION OF JTF-GNO CTO 06-02 UPDATE #3 FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS. REF g. IS THE CLASSIFIED UNABRIDGED VERSION OF JTF-GNO CTO 06-02 UPDATE #3 FOCUSED EFFORT TO SECURE NIPRNET WEB SERVERS. 2. (U//FOUO) BACKGROUND. DoD continues to FACE A GROWING THREAT FROM AN INCREASINGLY BROAD SET OF COMPLEX AND CHALLENGING COMPUTER ATTACKS, INCLUDING NOT ONLY VIRUSES, BUT ALSO THREATS FROM SPY WARE, SPAM, ROOTKITS, KEYLOGGERS AND MANY OTHER FORMS OF MALWARE. For more details REFER TO REF F THAT CAN BE FOUND ON THE JTF-GNO SIPRNET WEB SITE: HTTP://WWW.JTFGNO.SMIL.MIL/SlTE/INDEX.CFM?PAGE=CTO2006 . 3. (U//FOUO). MISSION. IN A CONTINUING EFFORT TO PROVIDE A MORE EFFECTIVE INTEGRATED THREAT MANAGEMENT SOLUTION, THIS DIRECTIVE BUILDS ON THE ACTION CONTAINED IN REF B, AND IS FOCUSED ON ACTIONS TO BETTER SECURE PRIVATE DOD WEB SERVERS and web sites. IN ACCORDANCE WITH REF F, JTF-GNO HAS DEFINED A
2

"PRIVATE DOD WEB SERVER" AS A SYSTEM HAVING A WEB-BASED INTERFACE AND ITS CONTENTS ARE INTENDED TO BE ACCESSED ONLY BY USERS ORIGINATING FROM A DOD IP ADDRESS SPACE. THIS DEFINITION INTENTIONALLY DOES NOT INCLUDE WEB SERVERS THAT ALLOW ACCESS FROM OUTSIDE THE .MIL ADDRESS SPACE (E.G. FROM A ".COM" OR ".GOV" ADDRESS). EXAMPLES OF COMMON WEB SERVERS THAT ARE NOT PRIVATE DOD WEB SERVERS INCLUDE AKO (WWW.US.ARMY.MIL), VFRG (WWW.ARMYFRG.ORG), MYPAY (MYPAY.DFAS.MIL), OUTLOOK WEB ACCESS (OWA) MAIL SERVERS, AND PUBLIC INTERNET SERVERS (WWW.ARMY.MIL). IT DOES, HOWEVER, INCLUDE DOMAINS SUCH AS .NDU OR USMA.EDU., WHICH ARE DOD IP ORIGINATING ADDRESSES IF THE INTENT OF THE DOD WEB SERVER IS TO BE ACCESSED EXCLUSIVELY BY USERS COMING FROM DOD IP SPACE AND NO OTHER, THEN IT MEETS THE DEFINITION OF A "PRIVATE DOD WEB SERVER", AND MUST COMPLY WITH THE NEW GUIDANCE. Web servers "dual configured" for both .mil and partitioned for "outside" access, must also be configured in accordance with the applicable guidance for a "private dod web server". THIS APPLIES TO THE WEB-SERVER/SITES WHICH ARE CONFIGURED FOR.MIL ONLY. 4. THE FOLLOWING ACTIONS ARE DIRECTED to be implemented at all army enclaves: 4A. (U//FOUO) TASK 1: CONFIGURATION VALIDATION. 4A.1. ACTION 1. NLT 5 OCT 06 VALIDATE CONFIGURATIONS OF ALL PRIVATE DOD NIPRNET WEB SERVERS TO TRUST ONLY DOD AUTHORIZED CERTIFICATE AUTHORITIES. ORGANIZATIONS MAY ADDITIONALLY CONFIGURE PKI-ENABLED web sites TO USE EXTERNAL CERTIFICATE AUTHORITIES (ECAS) BUT ONLY IN CASES APPROVED BY THEIR DESIGNATED APPROVAL AUTHORITY. AN AUTOMATED CONFIGURATION TOOL IS AVAILABLE ON THE CAC CRYPTOGRAPHIC LOGON (CCL) ARMY KNOWLEDGE ONLINE (AKO) CCL COMMUNITY OF INTEREST (COI) KNOWLEDGE COLLABORATION CENTER (KCC) LOCATED AT: https://www.us.army.mil/suite/page/237211 . DOD WIDE CONFIGURATION INSTRUCTIONS ARE ALSO LOCATED AT H T T P S : / / G E S P O R T A L . D O D . M I L / S I T E S / D O D P K E / and a link to this information is available off of the AKO community of interest KCC. 4A.2. ACTION 2. NLT 5 OCT 06 DISCONNECT ANY NIPRNET WEB SERVER NOT IN COMPLIANCE WITH THIS TASK AND DO NOT RECONNECT IT UNTIL IT IS COMPLIANT. Configuration instructions are located at https://www.us.army.mil/suite/page/237211 . rEPORT THE TOTAL NUMBER OF SERVERS DISCONNECTED, AND SUBSEQUENTLY PROVIDE FOLLOW ON REPORTING IF AND WHEN THEY ARE RECONNECTED. 4A.3. ACTION 3. NLT 4 OCT 06 REPORT THE TOTAL NUMBER OF PRIVATE DOD WEB SERVERS AND THE SERVER OPERATING SYSTEM AFFECTED BY THIS MESSAGE, IAW THE REPORTING GUIDELINES CONTAINED IN PARA 8. 4A.4. ACTION 4. NLT 5 OCT 06 REPORT THE NUMBER OF PRIVATE DOD WEB SERVERS THAT ARE COMPLIANT WITH THIS TASK, AND THE TOTAL NUMBER WITH APPROVED EXTENSIONS. 4B. (U//FOUO) TASK 2 IMPLEMENTATION OF PKI/CAC ACCESS CONTROL. ALL ARMY ENCLAVES WILL ALLOW ONLY CERTIFICATE-BASED CLIENT AUTHENTICATION TO PRIVATE
3

ARMY WEB Sites and servers, USING CERTIFICATES ISSUED BY AUTHORIZED DOD PKI CERTIFICATE AUTHORITIES (PKI/CAC, ECAS). ALL ARMY ENCLAVES WILL COMPLY WITH THE PKI/CAC INITIATIVES BY DATES SPECIFIED IN THIS ALARACT, WITH THE EXCEPTION OF THOSE IDENTIFIED IN THE CTO 06-13 (REF E) WHICH WERE GRANTED AN EXTENSION BY JTF-GNO UNTIL 29 DEC 06. 4B.1. A DOCUMENT ENTITLED "SETTING IIS6 TO REQUIRE CAC IOGON", WAS PREPARED TO ASSIST SYSTEM ADMINISTRATORS IN CONFIGURING MICROSOFT'S INTERNET INFORMATION SERVICES (IIS) WEB SERVER - V6.0 (IIS6) WHICH COMES WITH WINDOWS 2003 SERVER. THIS DOCUMENT IS AVAILABLE ON THE CAC CRYPTOGRAPHIC LOGON (CCL) ARMY KNOWLEDGE ONLINE (AKO) CCL COMMUNITY OF INTEREST (COI) KNOWLEDGE COLLABORATION CENTER (KCC) LOCATED AT: https://www.us.army.mil/suite/page/237211 . WEB APPLICATIONS THAT REQUIRE AUTHENTICATION VIA ACTIVE DIRECTORY USER ACCOUNTS CAN BENEFIT FROM THIS DOCUMENT. HOWEVER, OWA REMAINS A MAJOR EXCEPTION THAT REQUIRES FURTHER RESOLUTION. 4b.2. INTERNET information services web server-v6.0 configuration guidance referenced in paragraph 4B.1. above, is an interim solution. in accordance with ar 25-1 and cio/g-6 memo dated 02 Nov 05, subject: leveraging army knowledge online (AKO) services, the END STATE requirement is for all iis6 web servers to use AKO single sign-on (SSO) NLT 01 FEB 07. CONSISTENT WITH THIS REQUIREMENT, ALL NON-SSO websites are required to submit an AKO SSO application by 15 Oct 06. 4b.3. ALL inward facing servers not using ako cac sso must request a waiver through the a-gnosc, or take steps to change over immediately. 4B.4. ACTION 5. NLT 5 OCT 06 DISCONNECT ANY NON-PKI AUTHENTICATING PRIVATE DOD WEB sites and SERVERS FROM THE NIPRNET. 4B.5. ACTION 6. NLT 5 OCT 06 REPORT THE TOTAL NUMBER OF NONCOMPLIANT WEB sites/SERVERS IAW PARA 8. 4B.6. ACTION 7. NLT 5 OCT 06 REPORT THE NUMBER OF DISCONNECTED ARMY WEB sites/SERVERS IAW PARA 8. 5. (U//FOUO) IMPACT: THESE ACTIONS WILL IMPACT MISSION AND MISSION-SUPPORT Sites NOT PKI-COMPLIANT, AS WELL AS NON-COMMON ACCESS CARD (CAC) HOLDERS WHO MAY REQUIRE ACCESS TO PKI-AUTHENTICATING Sites. NOTE: THE ARMY is working on a SOLUTION FOR INDIVIDUALS WHO ARE NOT ELIGIBLE FOR A COMMON ACCESS CARD IS use of the External Certificate authority (ECA) CERTIFICATES OR DOD PKI SOFT CERTIFICATES. THE ALTERNATIVE SMART CARD (ASC)WILL NOT BE CONSIDERED FOR ISSUANCE TO NON-CAC HOLDERS UNTIL ISSUANCE TO SYSTEM ADMINISTRATORS IS COMPLETED (APPROXIMATELY 7-11 MONTHS). 6. (U//FOUO) COMPLIANCE INSTRUCTIONS: 6.A. (U/FOUO) VERIFICATION. TWO-PERSON INTEGRITY IS REQUIRED TO VERIFY COMPLETION OF THE ABOVE TASKS. ARMY COMPONENTS HAVE LATITUDE TO DETERMINE HOW THEY WILL SATISFY THIS TWO PERSON REQUIREMENT, BUT STRONGLY RECOMMEND THAT THE INFORMATION ASSURANCE MANAGER (IAM) OR DESIGNATED
4

APPROVAL AUTHORITY (DAA) IS INCLUDED IN THE PROCESS. 6.B. (U/FOUO) VALIDATION. ORGANIZATIONS WILL LEVERAGE ANY AND ALL CAPABILITIES TO IDENTIFY NON COMPLIANT SYSTEMS (RED TEAMS, BLUE TEAMS, ETC). 7. (U//FOUO) EXCEPTIONS: 7A. (U//FOUO) REQUESTS FOR EXCEPTIONS WILL BE assessed by the Army global network operations Center (ARMY GNOSC). THE COMMANDER, NETCOM/9TH ARMY SIGNAL COMMAND (ASC) IS BY DELEGATION OF AUTHORITY BY COMMANDER, SMDC/ARSTRAT, THE SMDC/ARSTRAT DEPUTY FOR NETOPS, TO REPRESENT SMDC/ARSTRAT IN COMMUNICATING AND COORDINATING DIRECTLY WITH DOD AND USSTRATCOM REGARDING NETOPS. UNDER THIS AUTHORITY, COMMANDER NETCOM/9TH ASC WILL BE THE FINAL APPROVAL AUTHORITY FOR ARMY EXCEPTIONS. EXCEPTIONS SHOULD BE LIMITED TO THOSE BASED ON VALID OPERATIONAL REQUIREMENTS. REQUESTS FOR EXCEPTIONS MUST BE SUBMITTED TO THE ARMY GNOSC AND MUST INCLUDE A PLAN OF ACTION & MILESTONES FOR MITIGATION/COMPLETION (POA&M) AND A STATEMENT OF OPERATIONAL RISK. 7B. (U//FOUO) IAW JTF-GNO CTO 06-13 (REF E) PRIVATE DOD WEB SERVERS PHYSICALLY LOCATED IN FORWARD DEPLOYED COMBAT ZONES ARE AUTOMATICALLY GRANTED AN EXCEPTION to task 2, AND SHOULD NOT MANDATE PKI/CAC ACCESS CONTROL UNTIL CENTCOM USERS CAN ACCESS THE site/SERVER USING PKI/CAC. HOWEVER, THE OWNERS/ADMINISTRATORS MUST STILL SUBMIT THE POA&M AND STATEMENT OF OPERATIONAL RISK AS REQUIRED IN PARA 7A. 7C. ACTION 8. NLT 5 OCT 06 REPORT THE TOTAL NUMBER OF EXCEPTIONS REQUESTED TO TASKS 1 AND 2, IAW PARA 8. 8. (U//FOUO) REPORTING. REPORTING IS A COMMAND RESPONSIBILITY AND COMMANDERS MUST ENSURE COMPLIANCE. NETCOM IS RESPONSIBLE FOR THE OPERATIONS, DIRECTION AND DEFENSE OF THE LANDWARNET AND THE ARMY'S GLOBAL NETWORK OPERATIONS AND SECURITY CENTER (A-GNOSC) SERVES AS THE ARMY'S EXECUTION ARM FOR NETOPS ACROSS THE LANDWARNET. COMPLIANCE REPORTING WILL BE THROUGH RESPECTIVE NOSCS AND WILL RELY ON THE NETOPS COMMUNITY FOR EXECUTION. THE ARMY GNOSC WILL POST COMPLIANCE REPORTING SLIDES ON THE ARMY NETCROP PORTAL AT: H T T P : / / A R M Y N E T C R O P . A R M Y . S M I L . M I L UNDER THE SIPRNET CTO TAB. REPORTS ARE DUE TO THE A-GNOSC NLT THE DATE OF THE ACTION SUSPENSE.

8A. (U//FOUO) OCONUS: COMMANDS AND ORGANIZATIONS WILL REPORT ALL ISSUES AND COMPLIANCE ASSOCIATED WITH THE EXECUTION OF THESE TASKS TO THEIR RESPECTIVE THEATER NETWORK OPERATIONS AND SECURITY CENTER (TNOSC). OCONUS TNOSCS WILL CONSOLIDATE REPORTS FROM THEIR RESPECTIVE THEATER AND PROVIDE REPORTS TO THE ARMY GNOSC. 8B. (U//FOUO) CONUS: COMMANDS AND ORGANIZATIONS RESIDING ON/LOCATED ON, OR SUPPORTED BY A GARRISON OR INSTALLATION, WILL REPORT ALL ISSUES AND
5

COMPLIANCE ASSOCIATED WITH THE EXECUTION OF THESE TASKS TO THEIR RESPECTIVE DOIM. DOIMS WILL CONSOLIDATE AND REPORT COMPLIANCE TO THEIR RESPECTIVE REGIONAL RCIO. EACH CONUS REGIONAL RCIO (SE, NE, SE, SW) is responsible for all doims within their geographic region, and WILL PROVIDE THEIR RESPECTIVE COMPLIANCE REPORTS TO THE CONUS TNOSC. THE CONUS TNOSC WILL CONSOLIDATE AND PROVIDE COMPLIANCE REPORTS (BY REGION) TO THE ARMY GNOSC. aC. (U//FOUO) FUNCTIONAL COMMANDS / RCIOS: FUNCTIONAL RCIOS ARE RESPONSIBLE FOR THE EXECUTION AND REPORTING FOR THEIR RESPECTIVE COMMANDS. EACH FUNCTIONAL COMMAND WILL ACCOUNT AND REPORT FOR ALL ORGANIZATIONS AND UNITS WITHIN THEIR COMMAND REGARDLESS OF GEOGRAPHIC LOCATION AND PROVIDE COMPLIANCE REPORTS TO THE ARMY GNOSC. THE FUNCTIONAL COMMANDS RESPONSIBLE FOR REPORTING ARE: 1NSCOM, MEDCOM, MEPCOM, NGB, USAR, USACE, HRC, ARMY PUBLISHING AGENCY, ACCESSIONS, AMC, U.S. MILITARY ACADEMY, AND ENTERPRISE APPLICATIONS. 8D. (U//FOUO) PROGRAM EXECUTIVE OFFICES (PEOS): PEOS ARE RESPONSIBLE FOR THE EXECUTION AND REPORTING FOR THEIR RESPECTIVE PROGRAMS OF RECORD (PORS). EACH PEO WILL ACCOUNT AND REPORT FOR ALL RESPECTIVE PORS REGARDLESS OF GEOGRAPHICAL LOCATION AND PROVIDE COMPLIANCE REPORTS TO THE ARMY GNOSC. THE PEOS RESPONSIBLE FOR REPORTING ARE: EIS, C3T, CS/CSS, GCS, IEW&S, MS, SOLDIER, STRI AND AVIATION. 8E. (U//FOUO) ANY UNIT OR ORGANIZATION NOT CLEARLY IDENTIFIED WITHIN THE REPORTING PARAGRAPH WILL SEEK TO RESOLVE THROUGH THEIR OPFRATIONAI CHANNFIS IF AN ISSUE CANNOT BERESOLVED^QNTACT L T C « BAT J@US.ARMY.MIL O R ^ I@US.ARMY" JLUTION. 8F. POC FOR COMPLIANCE REPORTING IS AS FOLLOWS: MS' 1stiocmd.army.smil.mil, DSN (312) 235-2604/COMMERCIAL 703 706-2604 AFTER HOURS: A2TOC BATTLE CAPTAIN DSN: 235-1113 /COMMERCIAL 703 706-1113 9. POCS FOR OVERALL COORDINATION OPERATIONS OFFICER ARMY GNOSC t@US.ARMY.SMIL.MI CURRENT US.ARMY.MIL

DSN: (312) 235-1291/COMMERCIAL 703 706-1291 OR M A J ( P ) M U CIO/G6 OPERATIONS CELL, COMM: 703-692-9761. DSN: 2 2 2 - T O T 7 E M A T T ^ i@ HQDA.ARMY.MIL / ^ mHQDA-S.ARMY.SMIL.MIL . Classification: UNCLASSIFIED Caveats: FOUO —Original MessageSent: Friday, September 29, 2006Tfl38 AM To: DODWEBMASTERS-L@DTIC.MIL
6

Subject: Re: [WEBMASTERS] Army message I just received an AKO alert about this. In case anyone else is looking for the message mentioned below, here's the link: https://www.us.army.mil/suite/doc/6309174

-Original MessageSent: Thursday, September 28, 2006 1:05 PM To: DODWEBMASTERS-L@DTIC.MIL Subject: [WEBMASTERS] Army message I've heard there's an Army message in response to update 3 of JTFGNO CTO 06-02, but both of the POCs in my chain of command are out of the office this week. Can someone forward the message to me?

Thanks

*********

FAQ & Subscription info: http://www.dod.mil/webmasters/faq/
*********

4

FAQ & Subscription info: http://www.dod.mil/webmasters/faq/ Classification: UNCLASSIFIED Caveats: FOUO
*********

FAQ & Subscription info: http://www.dod.mil/webmasters/faq/ Classification: UNCLASSIFIED Caveats: NONE

7

Subject:

FW: Article on Opsec (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE Our first response for the news article.

Sent: Saturday, October 14, 2006 3:13 PM To: NETCOM Army Web Risk Assessment Cell Subject: Article on Opsec I read your article a few days ago and after doing so felt some concerns about the unit that you have monitoring non department of defense personal communications of uniformed personnel. First, l think it would have been appropriate for you to mention in your article that you have procedures to safeguard the constitutional rights of uniformed personnel to freely express their views in a non military context. The second problem is about the two soldiers you featured in your article who say they take their mission to ferret out violators of OPSEC seriously because its personal with them. If its personal than they should not be doing that job. It's positive to be motivated to do a good job and even a little zeal is a good thing. Being a fanatic is not a good thing. You might want to share with those two soldiers in your anti OPSEC unit the news's story about the young Marine who is being nominated for the Congressional Medal of Honor. In that story he was killed a month later doing the same heroic acts that lead to his nomination. The news story related that when his parents were notified about his death, they and other family were shocked that he had done those things. Here's a what if scenario. Lets say uniformed personnel feel don't free to communicate with family members about what they or their unit is doing because someone is monitoring their personal communications. So a soldier or marine who might communicate with a father or uncle that they are bravely leading their squad whenever they confront a terhorist threat might raise a level of concern with the family. The family could follow through by contacting the commander of their son's unit through the chain of command and request more information. That sort of thing might motivate the unit commander to consider this family's concerns resulting in their son not being awarded the Medal of Honor, but being alive and well for the rest of his life. So do you keep soldiers alive by shutting down the flow of communications to a family or in fact kill them faster? One last thing. I think that the enemy can gather all the intelligence they need on the ground and

don't have to worry about surfing the net to get that information. If you are really concerned about OPSEC than send your personnel to the Middle East and have them agressivly hunt down enemy personnel, interrogate suspicious civilians, etc instead of wasting their time in front of a computer surfing the net and harrassing brave young Americans with threatening e-mails.

2

Subject:

FW: AWRAC discussion (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Web Risk Assessment/Information Assurance Analyst

some of the comments from the Military.com discussion board on the AWRAC story.

Check These Out: Buddy Finder <http://www.military.com/Military/Locator/New/Splash> | Videos <http://shock.military.com/Shock/home.do> | PhotoCenter <http://photocenter.military.com/smugmug/home.do> | SpouseBUZZ <http://www.spousebuzz.com/> j My Friend Network <http://myfriends.military.com/friendnetwork/myFriends.do> | News <http://www.military.eom/News/Horne/0,,,00.html> | Military Equipment <http://tech.military.com/equipment/home.do> <http://forums.military.com/eve> Military.com <http://www.military.com/> <http://forums.military.com/groupee_common/platform_images/blank.gif> Military.com Forums <http://forums.military.com/eve/forums> Hop To Forum Categories <javascript:void(0);> Hot Topics & Current Events <http://forums.military,com/eve/forums/a/cfrm/f/8"1519858> Hop To Forums <javascript:void(0);> In the News <http://forums.military.eom/eve/forums/a/frm/f/672198221> <http://forums.military.com/groupee_common/platfomn_images/blank.gif> Army Monitors Soldiers' Blogs Page 1 2 <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001/p/2> 3 <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001/p/3>
i

Moderators: BloodThirstyWench <javascript:void(0)> , dmuhler <javascript:void(0)> , DrillVietnamVet <javascript:void(0)> , OldAFcop <javascript:void(0)> , snake021 <javascript:void(0)> Go <http://forums.military.com/groupee_common/platform_images/blank.gif> New <http://forums.military.com/groupee_common/platform_images/blank.gif> Find <http://forums.military.com/groupee_common/platform_images/blank.gif> Notify <http://forums.military.com/groupee_common/platform_images/blank.gif> Tools <http://forums.military.com/groupee_common/platform_images/blank.gif> Reply <http://forums.military.com/groupee_common/platform_images/blank.gif> <http://forums.military.com/groupee_common/platform_images/blank.gif> Admin <http://forums.military.com/groupee_common/platform_images/blank.gif> New PM! <http://forums.military.com/groupee_common/platform_images/blank.gif>

Personal Zone <http://forums.military.com/eve/personal> D Military.com Forums <http://forums.military.com/eve/forums>


Profile <http://forums.military.com/eve/personal?x_myspace_page=profile> Buddies <http://forums.military.com/eve/personal?x_myspace_page=buddies> Ignore List <http://forums.military.com/eve/personal?x_myspace_page=ignore_list> Groups <http://forums.military.com/eve/personal?x_myspace_page=groups> Permissions <http://forums.military.com/eve/personal?x_myspace_page=permissions> Private Messaging <http://forums.military.com/eve7a-ugtpc> Notifications <http://forums.military.com/eve/personal?x_myspace_page=subscriptions> Karma <http://forums.military.com/eve/personal?x_myspace_page=karma> Preferences <http://forums.miHtai7.com/eve/personal7x_myspace_page-uprefs> Favorites <http://forums.military.com/eve/personal? x_myspace_page=ufav&x_myspace_module=forums>
2

More... <http://forums.military.com/eve/personal?x_myspace_page=profile>

Discussion <javascript:void(0);> Poll <javascript:void(0);> Private Message <javascript:void(0);> Keyword Search Search current forum only

Advanced Search <http://forums.military.com/eve/forums?a=srchf> New Since your Last Visit <http://forums.military.com/eve/forums?a=nslv> Today's Active Topics in this Category <http://forums.military.com/eve/forums?a=tat&c=81519858> Add to My Favorites <javascript:void(0);> Printer Friendly Format <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001/p/1/xsl/print_topic> Email a Friend <javascript:void(0);> Help <javascript:void(0);> Manage Topic <javascript:void(0);> Manage Content in This Topic <http://forums.military.com/eve? a=cp&x_show_template_page=afrmcntmgmt&x_show_searchby=topic_posts&x_show_template_mo dule_oid=600106&x_show_topic_oid=1880072590001 &x_show_forum=672198221 > Manage Members <http://forums.military.com/eve/cp? x_show_template_page=ammgmt&x_show_template_module_oid=500106> Online Now <http://forums.military.com/eve/cp? x_show_template_page=aolnow&x_show_template_module_oid=500106> Control Panel <http://forums.military.com/eve/cp>

i

Login/Join <http://forums.military.com/eve/login> Welcome, [Logout <http://forums.military.com/eve/logout> ]

TeamAmerica <javascript:void(0)> Member Picture of TeamAmerica<http://www.themoviespot.net/images/image91 .jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=1880072590001* 1880072590001 > Posted Mon 30 October 2006 11:52 Mon 30 October 2006 11:52 RE: http://www.military.com/NewsContenV0.13319,117978.00.html

Posts: 1377 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=7210097830001 > | Registered: Sat 17 December 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=1880072590001 &t=1880072590001 &f= 672198221>

scooter_mech <javascript:void(0)> Member Picture of scooter_mech<http://i12.photobucket.com/albums/a241/skywise8/images.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221 /m/1880072590001 ?r=6850082590001 # 6850082590001> Posted Mon 30 October 2006 12:19 Mon 30 October 2006 12:19 Hide Post <javascript:void(0);> "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family." This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....
i

Posts: 1651 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=3470063020001> | Registered: Fri 09 September 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=6850082590001 &t=1880072590001 &f= 672198221>

Ignored post by scooterjnech <javascript:void(0)> posted Mon 30 October 2006 12:19 Mon 30 October 2006 12:19 Show Post <javascript:void(0);>

Dutch_Shaulis <javascript:vbid(0)> Basic Training Picture of Dutch_Shaulis<http://forums.military.com/groupee_files/avatars/5/6/1/5610023290001/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=6020092590001# 6020092590001 > Posted Mon 30 October 2006 12:26 Mon 30 October 2006 12:26 Hide Post <javascript:void(0);> Got to agree with Scooter on this one. Let's not give our enemies anymore information especially unit routes. Where's the common sense here? Remember the "Loose Lips Sink Ships", think they need to start reinforcing that again!! "Retired Navy and Damn Proud of it!!!"

Posts: 19 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=5610023290001 > | Registered: Thu 12 October 2006 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript;void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=6020092590001 &t=1880072590001 &f= 672198221>

Ignored post by Dutch_Shaulis <javascript:void(0)> posted Mon 30 October 2006 12:26 Mon 30 October 2006 12:26 s

Show Post <javascript:void(0);>

cinlurker <javascript:void(0)> Member <http://forums.military.eom/eve/forums/a/tpc/f/672198221 /m/1880072590001 ?r=7920092590001# 7920092590001> Posted Mon 30 October 2006 12:36 Mon 30 October 2006 12:36 Hide Post <javascript:void(0);> quote: Originally posted by scooter_mech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family." This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES... IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

Posts: 408 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=6310095620001 > | Registered: Wed 12 October 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=7920092590001 &t=1880072590001 &f= 672198221>

Ignored post by cinlurker <javascript:void(0)> posted Mon 30 October 2006 12:36 Mon 30 October 2006 12:36 Show Post <javascript:void(0);>

G

outlaws93 <javascript:void(0)> Experienced Member Picture of outlaws93<http://forums.military.com/groupee_files/avatars/8/3/7/8370097510001/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=6640092590001 # 6640092590001> Posted Mon 30 October 2006 12:51 Mon 30 October 2006 12:51 Hide Post <javascript:void(0);> quote: Originally posted by cinlurker: quote: Originally posted by scooter_mech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family." This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES... IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

sure and it was monatered... they didnt see everything and anything they didnt need to see\know about....

<http://i45.photobucket.com/albums/f53/outlaws93/15.gif>

Posts: 9870 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=8370097510001> | Registered: Thu 18 August 2005
7

Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=6640092590001 &t=1880072590001 &f= 672198221>

Ignored post by outlaws93 <javascript:void(0)> posted Mon 30 October 2006 12:51 Mon 30 October 2006 12:51 Show Post <javascript:void(0);>

TheGoodOne <javascript:void(0)> Member <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=5150092590001 # 5150092590001> Posted Mon 30 October 2006 12:56 Mon 30 October 2006 12:56 Hide Post <javascript:void(0);> Roll Eyes<http://forums.military.com/groupee_common/emoticons/icon_rolleyes.gif> When they are done here, they need to focus on those responsible for letting our enemies inside our own country.

Posts: 371 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=3331938856> | Registered: Thu 19 June 2003 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=5150092590001 &t=1880072590001 &f= 672198221>

Ignored post by TheGoodOne <javascript:void(0)> posted Mon 30 October 2006 12:56 Mon 30 October 2006 12:56 Show Post <javascript:void(0);>

cafedad <javascript:void(0)> Basic Training Picture of cafedad<http://forums.military.com/groupee_files/avatars/3/1/6/3161999416/avatar.bmp> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=9960092590001 #
8

9960092590001> Posted Mon 30 October 2006 13:18 Mon 30 October 2006 13:18 Hide Post <javascript:void(0);>

quote:
Let's not give our enemies anymore information especially unit routes. Where's the common sense here? Remember the "Loose Lips Sink Ships", think they need to start reinforcing that again!! "Retired Navy and Damn Proud of it!!!"

Your right Dutch, Loose lips... what happend to OPSEC?? Just because we have a younger Army doesn't mean the "old school" ways are not still in use. THINK SOLDIERS, THINK!!!!

Posts: 24 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=3161999416> | Registered: Tue 28 January 2003 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=9960092590001 &t=1880072590001 &f= 672198221>

Ignored post by cafedad <javascript:void(0)> posted Mon 30 October 2006 13:18 Mon 30 October 2006 13:18 Show Post <javascript:void(0);>

GroovyLady <javascript:void(0)> Member Picture of GroovyLady<http://forums.military.com/groupee_common/platform_images/avatars/set1/59.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=1720003590001 # 1720003590001> Posted Mon 30 October 2006 13:48 Mon 30 October 2006 13:48 Hide Post <javascript:void(0);> yeah, and, we get tours of Russia's nuclear facilities and weapons manufacturers.
9

quote: Originally posted by cinlurker: THERE MIGHT BE A FEW INSTANCES WHERE A SERVICE PERSON DOES SOMETHING STUPID BUT THEN SOME COLONEL OR GENERAL DECIDED TO LET THE CHINESE LOOK AT SOME OF OUR MILITARY BASES... IF THAT DOESN'T TAKE THE CAKE FOR "DUMB" NOTHING DOES.

Posts: 2018 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=9510032630001 > | Registered: Mon 05 December 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=1720003590001 &t=1880072590001 &f= 672198221>

Ignored post by GroovyLady <javascript:void(0)> posted Mon 30 October 2006 13:48 Mon 30 October 2006 13:48 Show Post <javascript:void(0);>

rd350 <javascript:void(0)> Member Picture of rd350<http://forums.military.com/groupee_files/avatars/2/8/4/284106245/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=1990092590001 # 1990092590001> Posted Mon 30 October 2006 13:56 Mon 30 October 2006 13:56 Hide Post <javascript:void(0);> quote: yeah, and, we get tours of Russia's nuclear facilities and weapons manufacturers.

Not that far off the mark.
10

http://travel2.nytimes.eom/2006/10/15/travel/15transiran.html "An Invitation From Iran: Inspect It for Yourself If you have ever wanted to see the inside of a pressurized nuclear reactor plant, Iran could be the next adventure vacation for you." personally myself? BTDT

Posts: 241 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=284106245> | Registered: Thu 27 January 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http.7/forums.military.com/eve/forums?a=ma&m=1990092590001 &t=1880072590001 &f= 672198221>

Ignored post by rd350 <javascript:void(0)> posted Mon 30 October 2006 13:56 Mon 30 October 2006 13:56 Show Post <javascript:void(0);>

8718368 <javascript:void(0)> Member Picture of 8718368<http://forums.military.com/groupee_files/avatars/1/2/0/1200019240001/avatar.JPG> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=4930003590001 # 4930003590001> Posted Mon 30 October 2006 14:05 Mon 30 October 2006 14:05 Hide Post <javascript:void(0);> Well, I see no problem in enforcing OPSEC. The only problem some soldiers seem to have is just ambigous rules. Clear those up and everyone will be happy, especially those serving in FOBs and active combat zones. In God we Trust, Scott

Posts: 52 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=1200019240001 > | Registered: Fri 06 January 2006 n

Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=4930003590001 &t=1880072590001 &f= 672198221>

Ignored post by 8718368 <javascript:void(0)> posted Mon 30 October 2006 14:05 Mon 30 October 2006 14:05 Show Post <javascript:void(0);>

GroovyLady <javascript:void(0)> Member Picture of GroovyLady<http://forums.military.com/groupee_common/platform_images/avatars/set1/59.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=2240003590001 # 2240003590001 > Posted Mon 30 October 2006 14:09 Mon 30 October 2006 14:09 Hide Post <javascript:void(0);> the American public's plan might call for a quick withdrawal and a series of appeasement measures to get our troops out of Iraq. However, that's not the Jihadist's plan. We leave Iraq; they will continue to hunt our troops here and abroad. 1989 and then from 1993 - 2000 they've demonstrated they're quite capable of attacking our troops while our troops are not under a wartime command. Obviously, jihadists realize they can't take us down quickly. They will have to simulataneously attack our economy, attack our foreign policies/diplomatic efforts, attack the popular will of the people in our country (i.e. using enemy propaganda as valid news sources, etc.) and get busy weakening our defense systems, the largest component of our defense system are our troops. At the time of Alexander the Great's crusade to conquor Persia; the Perisan military's strongest core of fighters were Greek mercenaries whom the Persians paid quite well. Regardless that Alexander unified Greece and became the leader of the Greek states; many Greeks still got bought and fought on the side of their countrymen's enemy, the Persians. it wouldn't surprise me in the least to see our enemy employ that tactic again, hence, the necessity of blog monitoring/security to minimize risk of exposing our troops and their families to the threat of our enemy, would kind of suck for a troop's spouse, child or parent (or even close friends) to get kidnapped with the ransom being the soldier's submission to fight the jihad against us Americans.

Posts: 2018 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=9510032630001 > |
12

Registered: Mon 05 December 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=2240003590001 &t=1880072590001 &f= 672198221>

Ignored post by GroovyLady <javascript:void(0)> posted Mon 30 October 2006 14:09 Mon 30 October 2006 14:09 Show Post <javascript:void(0);>

rd350 <javascript:void(0)> Member Picture of rd350<http://forums.military.com/groupee_files/avatars/2/8/4/284106245/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=2010013590001 # 2010013590001> Posted Mon 30 October 2006 14:16 Mon 30 October 2006 14:16 Hide Post <javascript:void(0);> This is an interesting topic (the topic is bioggin soldiers, isn't it?) D being out for so long, I am amazed that blogging and email are so commonplace, bu considering the emotional cost of being separated from family, if this technology can help, it has to make the troops more effective. On the other hand, I have seeen all too many disturbing videos that anyone could use to characterize our men as cowboys, and iDm sure there are less than positive rantings on the blogs. WeDve opened the www.pandorasbox <http://www.pandorasbox/> now and pulling back the reigns would be hard. We had deployments where we didnDt even see (snail) mail or phone calls or anything for more than • a month. I also remember the excitement of spending nearly $30 US in 1975 dollars to be able to call home as soon as we hit port.. In that relative light, being allowed ot email once a day seems (in retrospect) to be a luxury.

Posts: 241 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=284106245> | Registered: Thu 27 January 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=2010013590001 &t=1880072590001 &f= 672198221>

13

Ignored post by rd350 <javascript:void(0)> posted Mon 30 October 2006 14:16 Mon 30 October 2006 14:16 Show Post <javascript:void(0);>

TrolH 16 <javascript:void(0)> Basic Training <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=3560003590001 # 3560003590001> Posted Mon 30 October 2006 14:46 Mon 30 October 2006 14:46 Hide Post <javascript:void(0);> It sure seems to me that the potential here should not be over looked. What a fantastic opportunity to invite some of our friends to an ambush.

Posts: 17 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=3320011070001 > | Registered: Mon 29 May 2006 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=3560003590001 &t=1880072590001 &f= 672198221>

Ignored post by TrolH 16 <javascript:void(0)> posted Mon 30 October 2006 14:46 Mon 30 October 2006 14:46 Show Post <javascript:void(0);>

juice68 <javascript:void(0)> Member <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=5760013590001 # 5760013590001> Posted Mon 30 October 2006 15:44 Mon 30 October 2006 15:44 Hide Post <javascript:void(0);>
14

quote: In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family."

seems like its commonsence not to do that kind of thing, what was he thinking'!! duh!!

Posts: 2024 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=4570008460001> | Registered: Mon 24 April 2006 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=5760013590001 &t=1880072590001 &f= 672198221>

Ignored post by juice68 <javascript:void(0)> posted Mon 30 October 2006 15:44 Mon 30 October 2006 15:44 Show Post <javascript:void(0);>

rd350 <javascript:void(0)> Member Picture of rd350<http://forums.military.com/groupee_files/avatars/2/8/4/284106245/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=2530023590001 # 2530023590001> Posted Mon 30 October 2006 16:41 Mon 30 October 2006 16:41 Hide Post <javascript:void(0);> both my grandfather (WWI horse cavalry) and my Dad (WWII, Seabee) had their mail censored and heavily edited. the technology is there to flag word strings and graphics. What I'm seeing as the most counterproductive are the digital videos being floated around.

Posts: 241 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=284106245> |
is

Registered: Thu 27 January 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=2530023590001 &t=1880072590001 &f= 672198221>

Ignored post by rd350 <javascript:void(0)> posted Mon 30 October 2006 16:41 Mon 30 October 2006 16:41 Show Post <javascript:void(0);>

mcgreer <javascript:void(0)> Member <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=3730023590001 # 3730023590001> Posted Mon 30 October 2006 16:44 Mon 30 October 2006 16:44 Hide Post <javascript:void(0);> quote: Originally posted by scooterjmech: "In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other Soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family." This is not the kind of info that should NOT fall into enemy hands. What do you think, TeamAmerica since this is your thread....

I don't think it's OPSEC the DoD is worried about. We've been blogging since the beginning of the invasion and occupation.

Posts: 845 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=2800025140001 > | Registered: Sat 31 December 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=3730023590001 &t=1880072590001 &f= 672198221>
16

Ignored post by mcgreer <javascript:void(0)> posted Mon 30 October 2006 16:44 Mon 30 October 2006 16:44 Show Post <javascript:void(0);>

Copper71 <javascript:void(0)> Member Picture of Copper71 <http://forums.military.eom/groupee_files/avatars/9/8/0/9800001090001/avatar.png> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=6630053590001# 6630053590001> Posted Mon 30 October 2006 19:31 Mon 30 October 2006 19:31 Hide Post <javascript:void(0);> Remember that old WW2 saying, "Loose lips sink ships." Those words are as true today as they were then. If anyone thinks the enemy isn't logging in to the blogs, they had better shake their heads. Sometimes the bloggers go overboard with the information they post. The reason they get generous with info, can be anything from trying to impress a woman/man, dazzle mom & dad or just plain DUMB. There is something to be said for some censorship.

Posts: 102 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=9800001090001 > | Registered: Sun 01 October 2006 Reply With Quote <javascript;void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=6630053590001&t=1880072590001 &f= 672198221>

Ignored post by Copper71 <javascript:void(0)> posted Mon 30 October 2006 19:31 Mon 30 October 2006 19:31 Show Post <javascript:void(0);>

Schistosome <javascript:void(0)> Member Picture of Schistosome<http://forums.military.com/groupee_files/avatars/9/9/0/9900030290001/avatar.jpg>
17

<http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=8950043590001 # 8950043590001> Posted Mon 30 October 2006 20:05 Mon 30 October 2006 20:05 Hide Post <javascript:void(0);> with all the training we receive... what made his dumb *** blog such critical stuff??? what next... yes monitor it and stop this nonsense, we can blog on the safe stuff.

Posts: 73 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=9900030290001> | Registered: Wed 11 October 2006 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=8950043590001 &t=1880072590001 &f= 672198221>

Ignored post by Schistosome <javascript:void(0)>cposted Mon 30 October 2006 20:05 Mon 30 October 2006 20:05 Show Post <javascript:void(0);>

megreer <javascript:void(0)> Member <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=5060043590001# 5060043590001> Posted Mon 30 October 2006 20:06 Mon 30 October 2006 20:06 Hide Post <javascript:void(0);> Again, it probably isn't OPSEC the DoD's worried about. A majority of these guys are smart enough to not post things that will get them and their buddies killed. And we know that. Consider that there's a lot of negative sentiment about the occupation right now. That we're in an election cycle. And that guys and gals who have been sent back into the breach for the fourth time, experiencing family problems as a result, questioning their own presence there, might have a little to say in these blogs. Now, we understand perfectly that a majority of our troops serve faithfully and will not do anything that will bring discredit upon themselves, their units, their service, or their country. But this is turning
18

into a long, hard slog. People are going to start pouring out their feelings on these things. Putting your business in the street via blogs and other public web sites is normal with many of our young people these days. Do you remember the amateur porn site that offered GIs free membership if they would post photos from the field? I went there once, out of curiosity. The pictures some of our troopers were posting were not pretty; in fact, many of them made the Abu Ghraib photos look like a Sunday school outing. They were incredibly graphic and horribly gruesome. There is a sense that our experience in Iraq is not going well, and there will be efforts to try to stop the flow of negative information as much as possible. OPSEC? Probably not. PR? Probably more accurate.

Posts: 845 <http://forums.military.com/eve/forums?a=userposts&sortType=1&u=2800025140001 > | Registered: Sat 31 December 2005 Reply With Quote <javascript:void(0);> Edit or Delete Message <javascript:void(0);> Report This Post <http://forums.military.com/eve/forums?a=ma&m=5060043590001 &t=1880072590001 &f= 672198221>

Ignored post by mcgreer <javascript:void(0)> posted Mon 30 October 2006 20:06 Mon 30 October 2006 20:06 Show Post <javascript:void(0);>

reconhottie <javascript:void(0)> Member Picture of reconhottie<http://forums.military.com/groupee_files/avatars/2/3/3/2330047140001/avatar.jpg> <http://forums.military.eom/eve/forums/a/tpc/f/672198221/m/1880072590001 ?r=9400073590001 # 9400073590001> Posted Mon 30 October 2006 22:10 Mon 30 October 2006 22:10 Hide Post <javascript:void(0);> What is next? Listing names, location, units and the like on a blog? Maybe invite the bad guys to look at it and take notes? Why the hell not straight invite them on bases to save them the effort of looking up sensitive info online, info posted by soldiers who think it is interesting to do. OPSEC is not so hard to understand and remember. If they are doing this just to have a way to vent, they need to think twice about it. About what is ok to post and what not.
19

Classification: UNCLASSIFIED Caveats: NONE

20

From: Sent: To: Subject: Attachments:

MQndgy^Oetofrgraa 2005 1Q:36 At FW: AWRAC in the news (UNCLASSIFIED) Untitled Attachment

Untitled Attachment

Classification: UNCLASSIFIED Caveats: NONE

Web Risk Assessment/Information Assurance Analyst

-Original MessageSent: Monday, October 30, 2006 8:52_ Subject: FW: AWRAC in the news (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE jund this article on AWRAC.

Office of Information Assurance and Compliance NE"

-Original MessageSent: Monday, October 30, 2006 8:38 AM Subject: AWRAC in the news Don't know if you caught this one.

Oct 29, 1:24 PM (ET) <http://apnews.excite.com/image/20061029/MILITARY_BLOGGING.sff_NYOL708_ 20061029130659.html?date=20061029&docid=D8L2F4200> (AP) Author Matthew Curier Burden stands at the Pritzker Military Library with a copy of his book... Full Image <http://apnews.excite.com/image/20061029/MILITARY_BLOGGING.sff_NYOL708_ 20061029130659.html?date=20061029&docid=D8L2F4200> RICHMOND, Va. (AP) - From the front lines of Iraq and Afghanistan to here at home, soldiers blogging about military life are under the watchful eye of some of their own. A Virginia-based operation, the Army Web Risk Assessment Cell, monitors official and unofficial blogs and other Web sites for anything that may compromise security. The team scans for official documents, personal contact information and pictures of weapons or entrances to camps. In some cases, that information can be detrimental, said Lt. Col. Stephen Warnock, team leader and battalion commander of a Manassas-based Virginia National Guard unit working on the operation. In one incident, a blogger was describing his duties as a guard, providing pictures of his post and discussing how to exploit its vulnerabilities. Other soldiers posted photos of an Army weapons system that was damaged by enemy attack, and another showed personal information that could have endangered his family. "We are a nation at war," Warnock said by e-mail. "The less the enemy knows, the better it is for our soldiers." In the early years of operations in the Middle East, no official oversight governed Web sites that sprung up to keep the families of those deployed informed about their daily lives. The oversight mission, made up of active-duty soldiers and contractors, as well as Guard and Reserve members from Maryland, Texas and Washington state, began in 2002 and was expanded in August 2005 to include sites in the public domain, including blogs. The Army will not disclose the methods or tools being used to find and monitor the sites. Nor will it reveal the size of the operation or the contractors involved. The Defense Department has a similar program, the Joint Web Risk Assessment Cell, but the Army program is apparently the only operation that monitors nonmilitary sites. Now soldiers wishing to blog while deployed are required to register their sites with their commanding officers, who monitor the sites quarterly, according to a four-page document of guidelines published . in April 2005 by Multi-National Corps-Iraq. Spc. Jean-Paul Borda, who has indexed thousands of military blogs for a site called Milblogging.com, "said in an e-mail interview that the military still is adapting to changing technology.
2

"This is a new media - Blogging. Podcasting. Online videos," wrote Borda, 32, of Dallas, who kept a blog while he was deployed in Afghanistan with the Virginia National Guard. "The military is doing what it feels necessary to ensure the safety of the troops." Warnock said the Web risk assessment team has reviewed hundreds of thousands of sites every month, sometimes e-mailing or calling soldiers asking them to take material down. If the blogger doesn't comply with the request, the team can work with the soldier's commanders to fix the problem - that is, if the blogger doesn't post anonymously. "We are not a law enforcement or intelligence agency. Nor are we political correctness enforcers," Warnock said. "We are simpiy trying to identify harmful Internet content and make the authors aware of the possible misuse of the information by groups who may want to damage United States interests." Some bloggers say the guidelines are too ambiguous - a sentiment that has led others to preemptively shut down or alter their blogs. "It's impossible to determine when something crosses the line from not a violation to a violation. It's like trying to define what pornography is or bad taste in music," said Spc. Jason Hartley, 32, who says he was demoted from sergeant and fined for reposting a blog he created while deployed to Iraq with the New York Army National Guard. According to Hartley, the Army had forced him to stop the blog even before the oversight operation existed, citing pictures he had posted of Iraqi detainees and discussions of how he loaded a weapon and the route his unit took to get to Iraq. Warnock contended that soldiers should not be discouraged from blogging altogether. Military bloggers "are simply expressing themselves in a wide open forum and want to share their lifechanging experiences with the rest of the world," Warnock said. "Giving soldiers an outlet for free expression is good. American soldiers are not shy about giving their opinions and nothing the Web Risk Cell does dampens that trait." Matthew Currier Burden, 39, a former intelligence officer who wrote "The Blog of War," a collection of entries from bloggers who served in the war, said soldiers' Web sites can go a long way toward portraying positive aspects of the war and other "stories that need to get told." But he said it's legitimate to fear that some information could be used the wrong way. "The enemy knows the value of the blogs," Burden said. "The biggest thing that we fear is battle damage assessment from the enemy. We want to deny them that."

On the Net: Milblogging: http://www.milblogging.com Classification: UNCLASSIFIED Caveats: NONE
3

Classification: UNCLASSIFIED Caveats: NONE

From: Sent: To: Subject:

Tuesday, September 26, 20067:57 A FW: AWRAC Mission (UNCLASSIFIED)

Classification: UNCLASSIFIED Caveats: NONE

Below is the list of personnel we would be meeting with, if the funds are available to travel to WA.

The location is Camp Murray WA just outside Ft Lewis and Tacoma, WA

The topic is there new TDA, manning, training and the AWRAC mission. feb Risk Assessment/Information Assurance Analyst

m

Sent: Monday, September 25, 2006 7:01 PM Subject: RE: AWRAC Mission (UNCLASSIFIED)

Our schedules are still wide open in October. Our preference is to meet prior to 14 October, so we can develop a plan and brief the team on 14/15 October. So, anytime between the 2nd and 13th of October should work for us.

Attenc

Include
I

OPSEC Deputy).

wa

Operations Officer 56th 10 Group

Sent: Monday, September 25, 2006 5:52 AM Subject:"RETSWlRAC"Mission(UMCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE

The weekend of 14/15 will not work for us. What other dates could we do the visit. I need the name and the position of the all the personnel who may be at the meeting, so I can justify the travel funds for the new FY.

Web Risk AssessrnerrtnnfoTmaTioTw^ssuran^ Analyst

Sent: Monday, September 18, 2006 7:14 Subject: FW: AWRAC Mission (UNCLASSIFIED)

2

Mr. Anzulewicz,

I am the S3 of the 156th 10 Bn (GS) at Camp Murray, WA. Please give me a call at your earliest convenience. I'd like to take you up on your offer to visit Camp Murray. We are currently planning training for calendar year 2007, and would like to discuss your organization, mission, training opportunities, etc.

V/R,

Operations Officer" 56th IO Grout

Sent: Monday, September 18, 2006 1:13 PM Subject: FW: AWRAC Mission (UNCLASSIFIED) FYI

Sent: Wednesday, August 23, 2006 7:06 AM Subject: AWRAC Mission (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Sir
3

las just been appointed as government lead for the AWRAC mission. We need an update of your unit's personnel status to include the name and email of new BN command. Both of us would like to visit you to work out any training or mission tasking issues you may have. Please give us possible visit dates between now and JAN 07.

Web Risk Assessment/Information Assurance Analyst

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: NONE

4

To: Subject: Attachments:

david.lickwar@us.army.mil FW: AWRAC Numbers JAN 2007 (UNCLASSIFIED) AWRAC Numbers JAN 2007.ppt

AWRAC Numbers JAN 2007.ppt

^

Not sure if you remember me, we spoke on the phone briefly about the last AWRAC numbers. I'm curious if your team's done any decomposition of why the numbers went up so much in Web site violations and blogs? Are you catching more due to better scanning / more staff, or are more occurring? What are your thoughts?

Classification: UNCLASSIFIED Caveats: FOUO

Sent: Wednesday, January 31, 2007 11:34 AM
i

Classification: UNCLASSIFIED Caveats: NONE Good Afternoon Sir, I have attached the AWRAC Numbers for January 2007 to this email. As always, please contact me if you have any questions.

«...»

Lockheed Martin Mission Services Information Assurance Directorate NETC-EST-A ^ • • P t < eb Risk Assessment Cell 703-602-7481 (DSN 332) 703-602-3751 (Fax)

Classification: UNCLASSIFIED Caveats: NONE Classification: UNCLASSIFIED Caveats: FOUO

Sent: To: Subject: Attachments:

FW: Draft Warnings (UNCLASSIFIED) Warning AKO.doc; Warning lnternet.doc; 2nd warning-internet.doc

Warning AKO.doc

Warning lnternet.doc

2nd /varning-internet.dot

Classification: UNCLASSIFIED

Caveats: NONE

EST-A Army Web Risk Assessment Cell

Sent: Tuesday, November 22, 2005 9:58 AM Subject: Draft Warnings"

Here is a first draft. Comments? Classification: UNCLASSIFIED Caveats: NONE